From caa4be407258b0cf03b916bddcbe12f280b6b677 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 28 Jan 2025 15:53:16 +0100
Subject: [PATCH] po: update pot files

---
 po/bg.po                 |   32 +-
 po/ca.po                 |   32 +-
 po/cs.po                 |   32 +-
 po/de.po                 |   32 +-
 po/es.po                 |   32 +-
 po/eu.po                 |   32 +-
 po/fi.po                 |   32 +-
 po/fr.po                 |   32 +-
 po/hu.po                 |   32 +-
 po/id.po                 |   32 +-
 po/it.po                 |   32 +-
 po/ja.po                 |   32 +-
 po/ka.po                 |   32 +-
 po/ko.po                 |   32 +-
 po/nb.po                 |   32 +-
 po/nl.po                 |   32 +-
 po/pl.po                 |   32 +-
 po/pt.po                 |   32 +-
 po/pt_BR.po              |   32 +-
 po/ru.po                 |   32 +-
 po/sssd.pot              |   32 +-
 po/sv.po                 |   32 +-
 po/tg.po                 |   32 +-
 po/tr.po                 |   32 +-
 po/uk.po                 |   32 +-
 po/zh_CN.po              |   32 +-
 po/zh_TW.po              |   32 +-
 src/man/po/br.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/ca.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/cs.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/de.po         | 1953 ++++++++++++++++++-------------------
 src/man/po/es.po         | 1953 ++++++++++++++++++-------------------
 src/man/po/eu.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/fi.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/fr.po         | 1953 ++++++++++++++++++-------------------
 src/man/po/ja.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/lv.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/nl.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/pt.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/pt_BR.po      | 1944 ++++++++++++++++++-------------------
 src/man/po/ru.po         | 1957 +++++++++++++++++++-------------------
 src/man/po/sssd-docs.pot | 1946 ++++++++++++++++++-------------------
 src/man/po/sv.po         | 1957 +++++++++++++++++++-------------------
 src/man/po/tg.po         | 1944 ++++++++++++++++++-------------------
 src/man/po/uk.po         | 1957 +++++++++++++++++++-------------------
 src/man/po/zh_CN.po      | 1944 ++++++++++++++++++-------------------
 46 files changed, 19132 insertions(+), 18736 deletions(-)

diff --git a/po/bg.po b/po/bg.po
index 2e3e1e3ac0..ec7d4cb444 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:44-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/"
@@ -1932,63 +1932,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/ca.po b/po/ca.po
index 8bd0990779..2f33a83a80 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2017-10-15 03:02-0400\n"
 "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
 "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
@@ -2053,63 +2053,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Sense memòria\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Un descriptor de fitxer obert pels registres de depuració"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/cs.po b/po/cs.po
index 2fabbc24f4..42f4fbfbc9 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-06-22 16:36+0000\n"
 "Last-Translator: Jan Kalabza <jan.kalabza@gmail.com>\n"
 "Language-Team: Czech <https://translate.fedoraproject.org/projects/sssd/sssd-"
@@ -2091,64 +2091,64 @@ msgstr "Nepodařilo se ukončit proces SSSD 'monitor': %s"
 msgid "Out of memory\n"
 msgstr "Došla paměť\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Zap/vyp. ladící zpětné volání funkce (backtrace)"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Otevřený popisovač souboru pro záznam ladících informací"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "K vyžádání FAST chráněného tiketu použít anonymní PKINIT"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "Kerberos oblast (realm) kterou použít"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "Požadovaná životnost lístku"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "Požadovaná obnovitelná životnosti lístku"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "FAST volby („never“, „try“, „demand“)"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "Určuje principal serveru které použít pro FAST"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "Požaduje kanonizaci názvu principalu"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "Použít uživatelsky určenou verzi krb5_get_init_creds_password"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr "Identifikátor Tevent řetězce použitého pro účely přihlašování se"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "Zkontrolovat PAC příznaky"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "talloc_asprintf se nezdařilo.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "set_debug_file_from_fd se nezdařilo.\n"
 
diff --git a/po/de.po b/po/de.po
index 0881afce72..af6295a91f 100644
--- a/po/de.po
+++ b/po/de.po
@@ -13,7 +13,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2022-07-01 09:40+0000\n"
 "Last-Translator: Joachim Philipp <joachim.philipp@gmail.com>\n"
 "Language-Team: German <https://translate.fedoraproject.org/projects/sssd/"
@@ -2033,64 +2033,64 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Nicht genügend Speicher\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Fehlerdiagnose Rückverfolgung ein-/ausschalten"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Offener Dateideskriptor für die Debug-Protokolle"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/es.po b/po/es.po
index f6c1df8920..d9d16d8a96 100644
--- a/po/es.po
+++ b/po/es.po
@@ -18,7 +18,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-07-01 16:36+0000\n"
 "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n"
 "Language-Team: Spanish <https://translate.fedoraproject.org/projects/sssd/"
@@ -2150,64 +2150,64 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Falta memoria\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Habilitar/deshabilitar el rastreo de depuración"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Un arhivo abierto de descriptor para los registros de depuración"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "Reino Kerberos a usar"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "Tiempo de vida pedido del ticket"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "Teimpo de vida renovable pedido del ticket"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "Opciones FAST ('never', 'try', 'demand')"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "Especifica el servidor principal a usar por FAST"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "Solicita la canonización del nombre principal"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "Usar versión personal de krb5_get_init_creds_password"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "talloc_asprintf falló.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "set_debug_file_from_fd falló.\n"
 
diff --git a/po/eu.po b/po/eu.po
index 1257b3d10f..7f7d9ed657 100644
--- a/po/eu.po
+++ b/po/eu.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:45-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
@@ -1924,63 +1924,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/fi.po b/po/fi.po
index 343413f109..97df36b3ec 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-05-08 19:36+0000\n"
 "Last-Translator: Weblate Translation Memory <noreply-mt-weblate-translation-"
 "memory@weblate.org>\n"
@@ -1943,64 +1943,64 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Muisti loppui!\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Ota käyttöön/poista käytöstä virheenjäljitys"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/fr.po b/po/fr.po
index 00db1a7b4c..a723a416b5 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -19,7 +19,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-09-02 11:38+0000\n"
 "Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
 "Language-Team: French <https://translate.fedoraproject.org/projects/sssd/"
@@ -2167,64 +2167,64 @@ msgstr "Échec du démarrage du processus SSSD 'monitor' : %s"
 msgid "Out of memory\n"
 msgstr "Mémoire saturée\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Activer/Désactiver Backtrace débogage"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Un descripteur de fichier ouvert pour les journaux de débogage"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "Utilisez le PKINIT anonyme pour obtenir un ticket FAST armor"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "Domaine Kerberos à utiliser"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "Demande de renouvellement à vie du billet"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "Demande de renouvellement à vie du billet"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "Options FAST ('never', 'try', 'demand')"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "Spécifie le principal de serveur afin d'utiliser FAST"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "Demande la canonisation du nom principal"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr "ID de chaîne Tevent utilisé à des fins de journalisation"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "Vérifier les indicateurs PAC"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "Échec de talloc_asprintf.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "Échec de set_debug_file_from_fd.\n"
 
diff --git a/po/hu.po b/po/hu.po
index 150ebc855a..457bc704ce 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:45-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/"
@@ -1928,63 +1928,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Elfogyott a memória\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/id.po b/po/id.po
index 7822296ff7..ecbaff0511 100644
--- a/po/id.po
+++ b/po/id.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:46-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/"
@@ -1925,63 +1925,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Kehabisan memori\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/it.po b/po/it.po
index 6183ab1ef5..535dd33afb 100644
--- a/po/it.po
+++ b/po/it.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2020-09-15 08:29+0000\n"
 "Last-Translator: Milo Casagrande <milo@milo.name>\n"
 "Language-Team: Italian <https://translate.fedoraproject.org/projects/sssd/"
@@ -1945,63 +1945,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Memoria esaurita\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Un descrittore di file aperto per l'output di debug"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/ja.po b/po/ja.po
index 8777f689ca..1f26ddc153 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2023-06-10 12:20+0000\n"
 "Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
 "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/"
@@ -2024,64 +2024,64 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "メモリー不足\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "デバッグバックトレースの有効化/無効化"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "デバッグログのオープンファイルディスクリプター"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "匿名の PKINIT を使用して FAST の armo チケットを要求する"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "使用する Kerberos レルム"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "チケットの要求された有効期間"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "チケットの要求された更新可能な有効期間"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "FAST のオプション ('never'、'try'、'demand')"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "FAST で使用するサーバープリンシパルを指定します"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "プリンシパル名の正規化を要求します"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "krb5_get_init_creds_password のカスタムバージョンを使用します"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr "デバッグのロギングの冗長性を設定する"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "PAC フラグを確認する"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "talloc_asprintf は失敗しました。\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "set_debug_file_from_fd は失敗しました。\n"
 
diff --git a/po/ka.po b/po/ka.po
index e14a2bc256..9122ff1acd 100644
--- a/po/ka.po
+++ b/po/ka.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-06-19 04:36+0000\n"
 "Last-Translator: Temuri Doghonadze <temuri.doghonadze@gmail.com>\n"
 "Language-Team: Georgian <https://translate.fedoraproject.org/projects/sssd/"
@@ -1926,63 +1926,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "მეხსიერება გადახარჯულია\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "talloc_asprintf ჩავარდა.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/ko.po b/po/ko.po
index c3a1975e06..7dbea51612 100644
--- a/po/ko.po
+++ b/po/ko.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-06-12 15:36+0000\n"
 "Last-Translator: 김인수 <simmon@nplob.com>\n"
 "Language-Team: Korean <https://translate.fedoraproject.org/projects/sssd/"
@@ -1997,64 +1997,64 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "메모리 부족\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "디버그 역추적 활성화/비활성화"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "디버그 로그의 오픈 파일 설명자"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "익명의 PKINIT를 사용하여 FAST 강화된 티켓을 요청합니다"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "사용할 Kerberos 영역"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "티켓의 요청된 수명"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "티켓의 요청된 재생 가능 수명"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "FAST 옵션 ('never', 'try', 'demand')"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "FAST에 사용할 서버 주체를 지정"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "주체 이름의 정규화 요청"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "krb5_get_init_creds_password의 사용자 지정 버전 사용"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr "로깅 목적을 위해 사용되는 T이벤트 체인 ID"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "PAC 플래그 점검"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "blockoc_asprintf에 실패했습니다.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "set_debug_file_from_fd가 실패했습니다.\n"
 
diff --git a/po/nb.po b/po/nb.po
index 6d1fa89326..59237e2feb 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:46-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/"
@@ -1924,63 +1924,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/nl.po b/po/nl.po
index 15f5333c81..504e5bdf03 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -13,7 +13,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:47-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
@@ -2002,63 +2002,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Het geheugen zit vol\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Een geopend bestand voor de debug logs"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/pl.po b/po/pl.po
index 6c6849d42e..d66a7df0e0 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -15,7 +15,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2023-09-16 09:18+0000\n"
 "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
 "Language-Team: Polish <https://translate.fedoraproject.org/projects/sssd/"
@@ -2089,64 +2089,64 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Brak pamięci\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Włącza/wyłącza wyjątek debugowania"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Otwiera deskryptor pliku dla dzienników debugowania"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "Używa anonimowego PKINIT do żądania opakowanego biletu FAST"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "Używany obszar Kerberosa"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "Żądany czas trwania biletu"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "Żądany odnawialny czas trwania biletu"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "Opcje FAST („never”, „try”, „demand”)"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "Podaje naczelnika serwera używanego dla FAST"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "Żąda ujednolicenie nazwy naczelnika"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "Użycie niestandardowej wersji krb5_get_init_creds_password"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr "Identyfikator łańcucha tevent używany do celów zapisywania w dzienniku"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "Sprawdza flagi PAC"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "talloc_asprintf się nie powiodło.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "set_debug_file_from_fd się nie powiodło.\n"
 
diff --git a/po/pt.po b/po/pt.po
index f123b20979..636f63d9ae 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:47-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
@@ -1938,63 +1938,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Memória esgotada\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Um descritor de ficheiro aberto para os registos de depuração"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/pt_BR.po b/po/pt_BR.po
index fc081388e4..534acfc944 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2015-10-27 08:15-0400\n"
 "Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n"
 "Language-Team: Portuguese (Brazil)\n"
@@ -1918,63 +1918,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/ru.po b/po/ru.po
index 3ae7ca2623..df1ea46092 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-06-27 05:36+0000\n"
 "Last-Translator: Elena Mishina <lepata@basealt.ru>\n"
 "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/"
@@ -2142,64 +2142,64 @@ msgstr "Не удалось ускорить процесс «мониторин
 msgid "Out of memory\n"
 msgstr "Недостаточно памяти\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Включить или отключить обратную трассировку отладки"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Дескриптор открытых файлов для журнала отладки"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "Использовать анонимный PKINIT для запроса билета защиты FAST"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "Область действия Kerberos"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "Запрашиваемое время жизни билета"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "Запрашиваемое возобновляемое время жизни билета"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "Параметры FAST («never», «try», «demand»)"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "Указывает участник-сервер, который следует использовать для FAST"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "Запрашивает преобразование имени участника в каноническую форму"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "Использовать нестандартную версию krb5_get_init_creds_password"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr "Идентификатор цепочки Tevent, используемый для ведения журнала"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "Проверить PAC флаги"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "Ошибка talloc_asprintf.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "Ошибка set_debug_file_from_fd.\n"
 
diff --git a/po/sssd.pot b/po/sssd.pot
index d11740a7b2..a91732962e 100644
--- a/po/sssd.pot
+++ b/po/sssd.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -1921,63 +1921,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/sv.po b/po/sv.po
index 0f27de383d..ec2a4477fd 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-08-29 20:38+0000\n"
 "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
 "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/"
@@ -2069,64 +2069,64 @@ msgstr "Misslyckades att starta upp SSSD:s process ”monitor”: %s"
 msgid "Out of memory\n"
 msgstr "Slut på minne\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Aktivera/avaktivera felsökningsspårning"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "En öppen fildeskriptor för felsökningsloggarna"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "Använd anonym PKINIT för att begära FAST-skyddad biljett"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "Kerberosrike att använda"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "Begärd livslängd på biljetten"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "Begärd förnybar livslängd på biljetten"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "FAST-flaggor (”never”, ”try”, ”demand”)"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "Anger serverhuvudmannen att använda för FAST"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "Begär kanonisering av huvudmannanamnet"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "Använd en anpassad version av krb5_get_init_creds_password"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr "Tevent-kedje-ID använt för loggningssyfte"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "Kontrollera PAC-flaggor"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "talloc_asprintf misslyckades.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "set_debug_file_from_fd misslyckades.\n"
 
diff --git a/po/tg.po b/po/tg.po
index 1e2c13cd62..2cc8cfac91 100644
--- a/po/tg.po
+++ b/po/tg.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:48-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
@@ -1923,63 +1923,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "Берун аз хотира\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/po/tr.po b/po/tr.po
index 8bb2d32eb5..4875507137 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2023-06-04 04:20+0000\n"
 "Last-Translator: Kemal Oktay Aktoğan <oktay@e.email>\n"
 "Language-Team: Turkish <https://translate.fedoraproject.org/projects/sssd/"
@@ -2112,64 +2112,64 @@ msgstr "SSSD 'monitor' işlemi başlatılamadı: %s"
 msgid "Out of memory\n"
 msgstr "Yetersiz bellek!\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Hata ayıklama geri izlemeyi etkinleştir/devre dışı bırak"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Hata ayıklama günlükleri için açık bir dosya tanımlayıcısı"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "FAST kimlik bilgilerini istemek için anonim PKINIT kullanın"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "Kullanılacak Kerberos bölgesi"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "Biletin talep edilen kullanım ömrü"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "Biletin talep edilen yenilenebilir kullanım ömrü"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "FAST seçenekleri ('never', 'try', 'demand')"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "FAST için kullanılacak sunucu sorumlusunu belirtir"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "Ana adın standartlaştırılmasını ister"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "krb5_get_init_creds_password'ün özel sürümünü kullanın"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr "Günlük kaydı amacıyla kullanılan olay zinciri kimliği"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "PAC bayraklarını denetleyin"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "talloc_asprintf başarısız oldu.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "set_debug_file_from_fd başarısız oldu.\n"
 
diff --git a/po/uk.po b/po/uk.po
index 22d89abdd3..b5110bcf78 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -16,7 +16,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-06-27 05:36+0000\n"
 "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
 "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/"
@@ -2163,66 +2163,66 @@ msgstr "Не вдалося виконати початкове завантаж
 msgid "Out of memory\n"
 msgstr "Не вистачає пам'яті\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "Увімкнути або вимкнути діагностичне зворотне трасування"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "Дескриптор відкритого файла для запису журналів діагностики"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "Анонімний PKINIT для запитів щодо квитка захисту FAST"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "Область Kerberos, якою слід скористатися"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "Запитаний строк дії квитка"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "Запитаний час оновлення строку дії квитка"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "Параметри FAST ('never', 'try', 'demand')"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 "Визначає реєстраційний запис сервера, який слід використовувати для FAST"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "Вимагає перетворення реєстраційного запису у канонічну форму"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "Використовувати нетипову версію krb5_get_init_creds_password"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 "Ідентифікатор ланцюжка Tevent, який використовується для ведення журналу"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "Перевірити прапорці PAC"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "Помилка talloc_asprintf.\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "Помилка set_debug_file_from_fd.\n"
 
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 5ceb660613..e4b6112741 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2023-07-24 17:21+0000\n"
 "Last-Translator: Funda Wang <fundawang@yeah.net>\n"
 "Language-Team: Chinese (Simplified) <https://translate.fedoraproject.org/"
@@ -1970,64 +1970,64 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "无可用内存\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 #, fuzzy
 msgid "Enable debug backtrace"
 msgstr "启用/禁用 debug backtrace"
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr "调试日志的打开文件描述符"
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr "使用匿名 PKINIT 请求 FAST armor 票"
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr "要使用的 kerberos 域"
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr "要求的票证寿命"
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr "要求的可续约票证寿命"
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr "FAST 选项（'never'、'try'、'demand'）"
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr "指定用于 FAST 的服务器主体"
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr "要求规范化主体名称"
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr "使用自定义版本的 krb5_get_init_creds_password"
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr "用于日志记录的 Tevent 链 ID"
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr "检查 PAC 标志"
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr "talloc_asprintf 失败。\n"
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr "set_debug_file_from_fd 失败。\n"
 
diff --git a/po/zh_TW.po b/po/zh_TW.po
index bd2ab25c0c..b17daad56f 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2024-12-10 14:35+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:50-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/"
@@ -1926,63 +1926,63 @@ msgstr ""
 msgid "Out of memory\n"
 msgstr "記憶體耗盡\n"
 
-#: src/providers/krb5/krb5_child.c:4113 src/providers/ldap/ldap_child.c:995
+#: src/providers/krb5/krb5_child.c:4138 src/providers/ldap/ldap_child.c:995
 msgid "Ignored, /proc/sys/fs/suid_dumpable setting is in force"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4115 src/providers/ldap/ldap_child.c:997
+#: src/providers/krb5/krb5_child.c:4140 src/providers/ldap/ldap_child.c:997
 msgid "Enable debug backtrace"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4117 src/providers/ldap/ldap_child.c:999
+#: src/providers/krb5/krb5_child.c:4142 src/providers/ldap/ldap_child.c:999
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4120
+#: src/providers/krb5/krb5_child.c:4145
 msgid "Use anonymous PKINIT to request FAST armor ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4122
+#: src/providers/krb5/krb5_child.c:4147
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4124
+#: src/providers/krb5/krb5_child.c:4149
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4126
+#: src/providers/krb5/krb5_child.c:4151
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4128
+#: src/providers/krb5/krb5_child.c:4153
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4131
+#: src/providers/krb5/krb5_child.c:4156
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4133
+#: src/providers/krb5/krb5_child.c:4158
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4135
+#: src/providers/krb5/krb5_child.c:4160
 msgid "Use custom version of krb5_get_init_creds_password"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4137
+#: src/providers/krb5/krb5_child.c:4162
 msgid "Tevent chain ID used for logging purposes"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4139
+#: src/providers/krb5/krb5_child.c:4164
 msgid "Check PAC flags"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4187 src/providers/ldap/ldap_child.c:1029
+#: src/providers/krb5/krb5_child.c:4212 src/providers/ldap/ldap_child.c:1029
 msgid "talloc_asprintf failed.\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:4197 src/providers/ldap/ldap_child.c:1038
+#: src/providers/krb5/krb5_child.c:4222 src/providers/ldap/ldap_child.c:1038
 msgid "set_debug_file_from_fd failed.\n"
 msgstr ""
 
diff --git a/src/man/po/br.po b/src/man/po/br.po
index 96aa991d97..5d9a50c817 100644
--- a/src/man/po/br.po
+++ b/src/man/po/br.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:51-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/"
@@ -211,10 +211,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -233,10 +233,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -270,8 +270,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -301,8 +301,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr ""
 
@@ -369,7 +369,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (neudennad)"
 
@@ -389,12 +389,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -402,39 +402,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -591,8 +591,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -863,7 +863,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -894,29 +894,38 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "passkey_verification (string)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "user_verification (boolean)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -924,7 +933,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -943,12 +952,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "RANNOÙ SERVIJOÙ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -957,22 +966,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -982,17 +991,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1002,19 +1011,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 60, KCM: 300"
 msgstr "Dre ziouer : 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1025,14 +1034,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1040,44 +1049,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1086,62 +1095,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 3600"
 msgstr "Dre ziouer : 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 30"
 msgstr "Dre ziouer : 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1153,58 +1162,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "Dre ziouer : 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1212,7 +1221,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1222,7 +1231,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1231,17 +1240,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1249,17 +1258,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Dre ziouer : 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1267,17 +1276,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1286,7 +1295,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1295,41 +1304,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "Dre zoiuer : root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1337,23 +1346,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1361,47 +1370,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1409,113 +1418,113 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1523,25 +1532,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1549,19 +1558,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1569,12 +1578,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 msgid "memcache_size_sid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1583,12 +1592,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1599,45 +1608,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: true"
 msgid "Default: <quote>*</quote>"
 msgstr "Dre ziouer : true"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1646,60 +1655,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1707,61 +1716,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "Dre zoiuer : 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "pam_response_filter (string)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1770,51 +1779,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1825,23 +1834,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1849,7 +1858,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1858,17 +1867,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1876,32 +1885,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Dre ziouer : 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1911,75 +1920,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1987,19 +1996,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2007,46 +2016,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2054,36 +2063,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "pam_cert_verification (string)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2093,7 +2102,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2101,61 +2110,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 msgid "passkey_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "pam_p11_allowed_services (string)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2163,7 +2172,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2175,63 +2184,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2239,12 +2248,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2255,7 +2264,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2263,7 +2272,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2271,7 +2280,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2280,47 +2289,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2329,30 +2338,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2360,7 +2369,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2368,22 +2377,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2391,19 +2400,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2411,7 +2420,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2426,7 +2435,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2434,45 +2443,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2480,7 +2489,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2488,17 +2497,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2509,24 +2518,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2536,22 +2545,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2559,51 +2568,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2612,12 +2621,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2627,7 +2636,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2635,7 +2644,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2644,38 +2653,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2686,7 +2695,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2697,24 +2706,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2722,19 +2731,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2743,7 +2752,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2752,26 +2761,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "pac_check (string)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2782,24 +2791,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2807,24 +2816,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2836,7 +2845,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2847,60 +2856,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2910,66 +2919,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2977,17 +2986,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2995,7 +3004,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3004,61 +3013,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "exclude_users (string)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 #, fuzzy
 #| msgid "filter_users, filter_groups (string)"
 msgid "exclude_groups (string)"
 msgstr "filter_users, filter_groups (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "RANNOÙ DOMANI"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3068,12 +3077,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3082,14 +3091,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3098,38 +3107,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3138,24 +3147,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3164,36 +3173,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3207,14 +3216,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3223,14 +3232,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3238,32 +3247,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3272,19 +3281,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3295,139 +3304,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3436,17 +3445,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3458,18 +3467,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3480,7 +3489,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3489,12 +3498,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3502,19 +3511,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3523,17 +3532,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3542,28 +3551,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3571,7 +3580,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3579,8 +3588,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3588,8 +3597,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3597,19 +3606,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3618,7 +3627,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3626,24 +3635,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3655,7 +3664,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3663,30 +3672,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3694,7 +3703,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3702,30 +3711,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3733,19 +3742,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3754,7 +3763,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3762,29 +3771,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3792,7 +3801,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3800,35 +3809,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3836,32 +3845,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3872,7 +3881,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3881,12 +3890,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3894,7 +3903,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3902,31 +3911,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3934,7 +3943,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3943,17 +3952,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3961,36 +3970,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3998,7 +4007,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4006,7 +4015,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4014,24 +4023,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4039,31 +4048,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4071,7 +4080,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4080,12 +4089,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4095,24 +4104,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4121,19 +4130,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4143,89 +4152,89 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4233,17 +4242,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Dre ziouer : 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4252,12 +4261,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 msgid "dns_resolver_use_search_list (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4265,7 +4274,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4273,36 +4282,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: TRUE"
 msgstr "Dre ziouer : 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 msgid "failover_primary_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4310,59 +4319,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "Dre ziouer : 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4370,31 +4379,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4402,104 +4411,104 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 msgid "ldap_offline_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 msgid "ldap_enumeration_refresh_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 msgid "ldap_enumeration_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 msgid "ldap_connection_expire_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 msgid "ldap_connection_expire_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4507,27 +4516,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4537,34 +4546,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4573,19 +4582,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4593,14 +4602,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "local_auth_policy (string)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4612,7 +4621,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4624,7 +4633,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4632,44 +4641,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "local_auth_policy = match (default)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4678,7 +4687,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4689,7 +4698,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4697,38 +4706,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: match"
 msgstr "Dre ziouer : 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4737,24 +4746,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4764,14 +4773,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4779,21 +4788,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4801,7 +4810,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4810,7 +4819,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4819,7 +4828,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4827,17 +4836,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4845,12 +4854,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4858,12 +4867,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4871,12 +4880,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4885,12 +4894,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4898,19 +4907,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4927,7 +4936,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4935,17 +4944,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4954,7 +4963,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4964,7 +4973,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4984,12 +4993,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5000,69 +5009,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5075,7 +5084,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5083,7 +5092,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5092,43 +5101,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5136,12 +5145,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5150,17 +5159,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5168,26 +5177,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5196,17 +5205,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5216,7 +5225,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5225,59 +5234,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5286,7 +5295,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5295,7 +5304,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5306,17 +5315,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5324,46 +5333,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5372,7 +5381,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5380,12 +5389,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5414,7 +5423,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5423,7 +5432,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5431,7 +5440,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5442,7 +5451,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5453,7 +5462,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6036,7 +6045,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6123,20 +6132,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6144,17 +6156,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6162,12 +6174,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6175,7 +6187,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6186,7 +6198,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6195,7 +6207,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6203,12 +6215,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6216,7 +6228,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6224,26 +6236,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6251,7 +6263,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6259,7 +6271,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6267,41 +6279,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6311,32 +6323,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6344,12 +6356,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6357,12 +6369,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6370,17 +6382,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6391,24 +6403,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6419,12 +6431,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6437,7 +6449,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6449,17 +6461,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6467,49 +6479,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6517,28 +6529,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6550,7 +6562,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6558,7 +6570,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6566,39 +6578,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6608,7 +6620,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6616,26 +6628,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6644,7 +6656,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6652,31 +6664,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6689,51 +6701,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6742,12 +6754,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6763,12 +6775,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6777,14 +6789,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6793,24 +6805,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6818,19 +6830,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6839,7 +6851,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6847,7 +6859,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6856,7 +6868,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6864,22 +6876,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6889,14 +6901,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6909,12 +6921,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6924,31 +6936,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -6956,50 +6968,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7008,74 +7020,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7086,7 +7098,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7094,60 +7106,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "re_expression (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7155,12 +7167,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7183,12 +7195,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7196,43 +7208,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7240,14 +7252,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7257,19 +7269,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7277,7 +7289,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7285,106 +7297,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7393,59 +7405,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7454,22 +7466,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7478,14 +7490,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7493,7 +7505,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7506,7 +7518,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7514,19 +7526,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7542,13 +7554,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7603,7 +7615,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "DIBARZHIOÙ"
 
@@ -12474,7 +12486,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12606,7 +12618,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14358,19 +14370,24 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14378,12 +14395,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14397,7 +14414,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14405,7 +14422,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14414,10 +14431,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
index fa7d0681c5..1d9c144261 100644
--- a/src/man/po/ca.po
+++ b/src/man/po/ca.po
@@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2015-10-18 04:13-0400\n"
 "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
 "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
@@ -247,10 +247,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -272,10 +272,10 @@ msgstr ""
 "aleshores s'ignora aquesta opció."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -311,8 +311,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -342,8 +342,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Per defecte: 10"
 
@@ -422,7 +422,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (cadena)"
 
@@ -444,12 +444,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -460,40 +460,40 @@ msgstr ""
 "compondre un FQN des dels components del nom d'usuari i del nom del domini."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "nom d'usuari"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 "el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -672,8 +672,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -954,7 +954,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr "Per defecte: Sense establir"
@@ -989,29 +989,38 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 #, fuzzy
 #| msgid "ldap_user_certificate (string)"
 msgid "passkey_verification (string)"
 msgstr "ldap_user_certificate (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 #, fuzzy
 #| msgid "ldap_user_certificate (string)"
 msgid "user_verification (boolean)"
 msgstr "ldap_user_certificate (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -1019,7 +1028,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -1050,12 +1059,12 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "SECCIONS DELS SERVEIS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -1068,22 +1077,22 @@ msgstr ""
 "quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "Opcions de configuració del servei general"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1093,17 +1102,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1113,19 +1122,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 60, KCM: 300"
 msgstr "Per defecte: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1136,14 +1145,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1151,46 +1160,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "Per defecte: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 #, fuzzy
 #| msgid "offline_timeout (integer)"
 msgid "offline_timeout_max (integer)"
 msgstr "offline_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1199,66 +1208,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 3600"
 msgstr "Per defecte: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 #, fuzzy
 #| msgid "offline_timeout + random_offset"
 msgid "offline_timeout_random_offset (integer)"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 #, fuzzy
 #| msgid "offline_timeout + random_offset"
 msgid "[0 - offline_timeout_random_offset]"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 30"
 msgstr "Per defecte: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1270,30 +1279,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "Per defecte: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr "Opcions de configuració de l'NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1301,12 +1310,12 @@ msgstr ""
 "Service Switch)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1315,17 +1324,17 @@ msgstr ""
 "(peticions d'informació sobre tots els usuaris)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "Per defecte: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1336,7 +1345,7 @@ msgstr ""
 "valor entry_cache_timeout per al domini."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1352,7 +1361,7 @@ msgstr ""
 "peticions que esperen per a una actualització de la memòria cau."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1365,17 +1374,17 @@ msgstr ""
 "(0 desactiva aquesta característica)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "Per defecte: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1387,17 +1396,17 @@ msgstr ""
 "altra vegada."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Per defecte: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1405,17 +1414,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1424,7 +1433,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1433,17 +1442,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "Per defecte: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1451,12 +1460,12 @@ msgstr ""
 "aquesta opció a false."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1465,7 +1474,7 @@ msgstr ""
 "si no se n'especifica cap explícitament amb el proveïdor de dades del domini."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1473,7 +1482,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1483,25 +1492,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Per defecte: sense establir (cap substitució per als directoris inicials no "
 "establerts)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr "override_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1512,18 +1521,18 @@ msgstr ""
 "pot configurar ja sigui en la secció [nss] o per cada domini."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Per defecte: sense establir (SSSD utilitzarà el valor recuperat del LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1531,31 +1540,31 @@ msgstr ""
 "d'avaluació és:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Si el shell està present al <quote>/etc/shells</quote>, s'utilitza."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1563,117 +1572,117 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "Per defecte: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_timeout (integer)"
 msgstr "enum_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_passwd (integer)"
 msgstr "enum_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1681,27 +1690,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr "Per defecte: 8"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_group (integer)"
 msgstr "enum_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1709,21 +1718,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "Per defecte: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_initgroups (integer)"
 msgstr "enum_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1731,14 +1740,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "enum_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1747,12 +1756,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr "user_attributes (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1763,45 +1772,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: <quote>permit</quote>"
 msgid "Default: <quote>*</quote>"
 msgstr "Per defecte: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1810,12 +1819,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr "Opcions de configuració del PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1824,12 +1833,12 @@ msgstr ""
 "(Pluggable Authentication Module)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1839,17 +1848,17 @@ msgstr ""
 "de sessió)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "Per defecte: 0 (sense límit)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1858,12 +1867,12 @@ msgstr ""
 "fallits es permet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1873,7 +1882,7 @@ msgstr ""
 "possible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1881,17 +1890,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "Per defecte: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1900,45 +1909,45 @@ msgstr ""
 "l'autenticació. Com més gran sigui el nombre més missatges es mostren."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr "L'sssd actualment admet els següents valors:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: no mostris cap missatge"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: Mostra només missatges importants"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: Mostra missatges informatius"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Per defecte: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 #, fuzzy
 #| msgid "ad_access_filter (string)"
 msgid "pam_response_filter (string)"
 msgstr "ad_access_filter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1947,51 +1956,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -2002,23 +2011,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -2030,7 +2039,7 @@ msgstr ""
 "l'última informació."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -2044,17 +2053,17 @@ msgstr ""
 "excessives al proveïdor d'identitat."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2062,32 +2071,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Per defecte: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -2097,75 +2106,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "Per defecte: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2173,19 +2182,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2193,48 +2202,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 #, fuzzy
 #| msgid "ldap_chpass_update_last_change (bool)"
 msgid "pam_passkey_auth (bool)"
 msgstr "ldap_chpass_update_last_change (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "Per defecte: True"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "Per defecte: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2242,36 +2251,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 #, fuzzy
 #| msgid "ldap_user_certificate (string)"
 msgid "pam_cert_verification (string)"
 msgstr "ldap_user_certificate (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2281,7 +2290,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, fuzzy, no-wrap
 #| msgid ""
 #| "ad_gpo_map_service = +my_pam_service\n"
@@ -2294,63 +2303,63 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "pam_id_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 #, fuzzy
 #| msgid "ad_gpo_map_service (string)"
 msgid "pam_p11_allowed_services (string)"
 msgstr "ad_gpo_map_service (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2358,7 +2367,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2370,63 +2379,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr "login"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr "su"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr "su-l"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr "gdm-smartcard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr "gdm-password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr "kdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr "sudo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr "sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2434,12 +2443,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2450,7 +2459,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2458,7 +2467,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2466,7 +2475,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2475,47 +2484,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2524,19 +2533,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 #, fuzzy
 #| msgid "ad_gpo_map_service (string)"
 msgid "pam_gssapi_services"
 msgstr "ad_gpo_map_service (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 #, fuzzy
 #| msgid "Comma separated list of users who are allowed to log in."
 msgid ""
@@ -2546,13 +2555,13 @@ msgstr ""
 "Llista separada per comes dels usuaris a qui se'ls permet iniciar la sessió."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2560,7 +2569,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, fuzzy, no-wrap
 #| msgid ""
 #| "ad_gpo_map_service = +my_pam_service\n"
@@ -2573,22 +2582,22 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2596,19 +2605,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2616,7 +2625,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2631,7 +2640,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2639,45 +2648,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, fuzzy, no-wrap
 #| msgid ""
 #| "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -2690,7 +2699,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2698,7 +2707,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 #, fuzzy
 #| msgid "Default: not set (no substitution for unset home directories)"
 msgid "Default: not set (use of authentication indicators is not required)"
@@ -2707,12 +2716,12 @@ msgstr ""
 "establerts)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr "Opcions de configuració de SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2730,24 +2739,24 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2757,23 +2766,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 "Es poden utilitzar aquestes opcions per configurar el servei de l'autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2781,51 +2790,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr "Es poden utilitzar aquestes opcions per configurar el servei de l'SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr "Per defecte: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2834,12 +2843,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2849,7 +2858,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2857,7 +2866,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2866,38 +2875,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr "Opcions de configuració del contestador del PAC."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2908,7 +2917,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2919,25 +2928,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Es poden utilitzar aquestes opcions per configurar el contestador del PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2945,7 +2954,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 #, fuzzy
 #| msgid ""
 #| "Default: 0 (only the root user is allowed to access the InfoPipe "
@@ -2958,12 +2967,12 @@ msgstr ""
 "contestador de l'InfoPipe)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 #, fuzzy
 #| msgid ""
 #| "Please note that although the UID 0 is used as the default it will be "
@@ -2982,7 +2991,7 @@ msgstr ""
 "també cal afegir 0 a la llista dels UID permesos."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2991,26 +3000,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 #, fuzzy
 #| msgid "ldap_schema (string)"
 msgid "pac_check (string)"
 msgstr "ldap_schema (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -3021,24 +3030,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -3046,24 +3055,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -3075,7 +3084,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -3086,41 +3095,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -3133,19 +3142,19 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -3155,66 +3164,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3222,17 +3231,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3240,7 +3249,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3249,65 +3258,65 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 #, fuzzy
 #| msgid "simple_deny_users (string)"
 msgid "exclude_users (string)"
 msgstr "simple_deny_users (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No users excluded."
 msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 #, fuzzy
 #| msgid "simple_deny_groups (string)"
 msgid "exclude_groups (string)"
 msgstr "simple_deny_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No groups excluded."
 msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "SECCIONS DE DOMINI"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3317,12 +3326,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3331,14 +3340,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3347,31 +3356,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr "min_id, max_id (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -3380,7 +3389,7 @@ msgstr ""
 "fora d'aquests límits, s'ignora."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3393,24 +3402,24 @@ msgstr ""
 "com s'esperava."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr "enumerate (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3419,36 +3428,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Els usuaris i grups s'enumeren"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = Cap enumeració per a aquest domini"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "Per defecte: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3462,7 +3471,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -3472,7 +3481,7 @@ msgstr ""
 "finalitzi."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3486,14 +3495,14 @@ msgstr ""
 "ús."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3501,32 +3510,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3535,12 +3544,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -3549,7 +3558,7 @@ msgstr ""
 "demanar al rerefons una altra vegada"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3560,139 +3569,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "Per defecte: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr "Per defecte: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3701,17 +3710,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3723,18 +3732,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr "Per defecte: 0 (inhabilitat)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3745,7 +3754,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3754,12 +3763,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3767,19 +3776,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3792,17 +3801,17 @@ msgstr ""
 "ha de ser superior o igual que offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "Per defecte: 0 (sense límit)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3811,28 +3820,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr "id_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3840,7 +3849,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3848,8 +3857,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 #, fuzzy
 #| msgid ""
 #| "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
@@ -3865,8 +3874,8 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3874,19 +3883,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3899,7 +3908,7 @@ msgstr ""
 "l'usuari mentre que <command>getent passwd test@LOCAL</command> sí."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3907,24 +3916,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3936,7 +3945,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3944,23 +3953,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr "auth_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -3969,7 +3978,7 @@ msgstr ""
 "d'autenticació suportats són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3980,7 +3989,7 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3991,7 +4000,7 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -3999,12 +4008,12 @@ msgstr ""
 "de PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> impossibilita l'autenticació explícitament."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -4013,12 +4022,12 @@ msgstr ""
 "gestionar les sol·licituds d'autenticació."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr "access_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -4029,19 +4038,19 @@ msgstr ""
 "instal·lats) Els proveïdors especials interns són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> sempre denega l'accés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -4054,7 +4063,7 @@ msgstr ""
 "configuració del mòdul d'accés simple."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -4062,22 +4071,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr "Per defecte: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -4086,7 +4095,7 @@ msgstr ""
 "al domini.  Els proveïdors de canvi de contrasenya compatibles són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4094,7 +4103,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4105,7 +4114,7 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -4113,12 +4122,12 @@ msgstr ""
 "objectiu PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -4127,17 +4136,17 @@ msgstr ""
 "gestionar peticions de canvi de contrasenya."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4145,32 +4154,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -4181,7 +4190,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -4190,12 +4199,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -4203,7 +4212,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4211,31 +4220,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4243,7 +4252,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -4252,17 +4261,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4270,36 +4279,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4307,7 +4316,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4315,7 +4324,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4323,24 +4332,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4348,31 +4357,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4380,7 +4389,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4389,12 +4398,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4404,24 +4413,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4430,19 +4439,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4452,17 +4461,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Per defecte: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -4471,76 +4480,76 @@ msgstr ""
 "realitzar cerques de DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr "Valors admesos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr "Per defecte: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr "Per defecte: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4548,17 +4557,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Per defecte: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4567,14 +4576,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4582,7 +4591,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4590,17 +4599,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "Per defecte: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -4609,19 +4618,19 @@ msgstr ""
 "del domini de la consulta DNS del servei de descobriment."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "Per defecte: Utilitza la part del domini del nom de màquina"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "failover_primary_timeout (integer)"
 msgstr "pam_id_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4629,59 +4638,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "Per defecte: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr "override_gid (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4689,14 +4698,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -4709,17 +4718,17 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4727,130 +4736,130 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 #, fuzzy
 #| msgid "ldap_search_timeout (integer)"
 msgid "ldap_search_timeout"
 msgstr "ldap_search_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 #, fuzzy
 #| msgid "ldap_network_timeout (integer)"
 msgid "ldap_network_timeout"
 msgstr "ldap_network_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
 msgid "ldap_opt_timeout"
 msgstr "ldap_opt_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_offline_timeout"
 msgstr "ldap_connection_expire_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "ldap_enumeration_refresh_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_offset"
 msgstr "ldap_enumeration_refresh_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 #, fuzzy
 #| msgid "ldap_purge_cache_timeout"
 msgid "ldap_purge_cache_offset"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 #, fuzzy
 #| msgid "ldap_krb5_ticket_lifetime (integer)"
 msgid "ldap_krb5_ticket_lifetime"
 msgstr "ldap_krb5_ticket_lifetime (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "ldap_enumeration_search_timeout (integer)"
 msgid "ldap_enumeration_search_timeout"
 msgstr "ldap_enumeration_search_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_timeout"
 msgstr "ldap_connection_expire_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_offset"
 msgstr "ldap_connection_expire_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_idle_timeout"
 msgstr "ldap_connection_expire_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 #, fuzzy
 #| msgid "case_sensitive (string)"
 msgid "case_sensitive"
 msgstr "case_sensitive (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4860,27 +4869,27 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4890,34 +4899,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Per defecte: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4926,19 +4935,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4946,14 +4955,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy (string)"
 msgstr "ldap_pwd_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4965,7 +4974,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4977,7 +4986,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4985,46 +4994,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy = match (default)"
 msgstr "ldap_pwd_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 #, fuzzy
 #| msgid "gdm-smartcard"
 msgid "Smartcard"
 msgstr "gdm-smartcard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr "IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr "AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -5033,7 +5042,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -5044,7 +5053,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 #, fuzzy
 #| msgid ""
 #| "The following example shows a minimal idmapd.conf which makes use of the "
@@ -5058,38 +5067,38 @@ msgstr ""
 "sss.  <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: cn"
 msgid "Default: match"
 msgstr "Per defecte: cn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -5098,24 +5107,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -5125,14 +5134,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -5140,21 +5149,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -5162,7 +5171,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -5171,7 +5180,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -5180,7 +5189,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -5191,17 +5200,17 @@ msgstr ""
 "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr "El servidor intermediari on reenvia PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 #, fuzzy
 #| msgid ""
 #| "Default: not set by default, you have to take an existing pam "
@@ -5215,12 +5224,12 @@ msgstr ""
 "de pam existent o crear-ne una de nova i afegir aquí el nom del servei."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -5231,12 +5240,12 @@ msgstr ""
 "format _nss_$(libName)_$(function), per exemple _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -5244,12 +5253,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -5258,12 +5267,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -5271,7 +5280,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -5280,12 +5289,12 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -5302,7 +5311,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -5310,17 +5319,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -5329,7 +5338,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -5339,7 +5348,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5359,12 +5368,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5375,69 +5384,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5450,7 +5459,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5458,7 +5467,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5467,43 +5476,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5511,12 +5520,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5525,17 +5534,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5543,26 +5552,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5571,17 +5580,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5591,7 +5600,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5600,59 +5609,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5661,7 +5670,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5670,7 +5679,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5681,17 +5690,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5699,39 +5708,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -5744,7 +5753,7 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5753,7 +5762,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5761,12 +5770,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, fuzzy, no-wrap
 #| msgid ""
 #| "[sssd]\n"
@@ -5844,7 +5853,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5853,7 +5862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5861,7 +5870,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5872,7 +5881,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5883,7 +5892,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6511,7 +6520,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr "Per defecte: 900 (15 minuts)"
 
@@ -6600,20 +6609,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6621,17 +6633,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6639,12 +6651,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6652,7 +6664,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6663,7 +6675,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6672,7 +6684,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6680,12 +6692,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6693,7 +6705,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6701,12 +6713,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -6716,7 +6728,7 @@ msgstr ""
 "valors següents:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -6725,7 +6737,7 @@ msgstr ""
 "certificat del servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6737,7 +6749,7 @@ msgstr ""
 "normalment."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6748,7 +6760,7 @@ msgstr ""
 "proporciona un certificat dolent, immediatament s'acaba la sessió."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6759,22 +6771,22 @@ msgstr ""
 "immediatament s'acaba la sessió."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr "Per defecte: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -6783,7 +6795,7 @@ msgstr ""
 "Certificació que reconeixerà l'<command>sssd</command>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -6792,12 +6804,12 @@ msgstr ""
 "<filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 #, fuzzy
 #| msgid ""
 #| "Specifies the path of a directory that contains Certificate Authority "
@@ -6819,32 +6831,32 @@ msgstr ""
 "correctes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6852,12 +6864,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 #, fuzzy
 #| msgid ""
 #| "Specifies that the id_provider connection must also use <systemitem "
@@ -6871,12 +6883,12 @@ msgstr ""
 "class=\"protocol\">tls</systemitem> per a protegir el canal."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6884,17 +6896,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6905,24 +6917,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6933,12 +6945,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6951,7 +6963,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6963,17 +6975,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6981,51 +6993,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr "Per defecte: el valor de krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "Per defecte: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5."
 "keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -7033,28 +7045,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "Per defecte: 86400 (24 hores)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -7066,7 +7078,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -7077,7 +7089,7 @@ msgstr ""
 "retorna a _tcp si no se'n troba cap."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -7089,41 +7101,41 @@ msgstr ""
 "<quote>krb5_server</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/"
 "krb5.conf</filename>"
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -7133,7 +7145,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -7141,12 +7153,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -7155,7 +7167,7 @@ msgstr ""
 "costat del client. S'admeten els valors següents:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -7164,7 +7176,7 @@ msgstr ""
 "opció no inhabilita les polítiques de contrasenya de servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -7173,7 +7185,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -7185,25 +7197,25 @@ msgstr ""
 "contrasenya."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 "Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -7212,7 +7224,7 @@ msgstr ""
 "quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -7225,29 +7237,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Especifica el nom de servei per utilitzar quan està habilitada la detecció "
 "de serveis."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr "Per defecte: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -7257,25 +7269,25 @@ msgstr ""
 "dels serveis."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 "Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -7284,12 +7296,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -7305,12 +7317,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Exemple:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -7319,14 +7331,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -7335,17 +7347,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr "Per defecte: Buit"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -7354,7 +7366,7 @@ msgstr ""
 "d'atributs de control d'accés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -7366,12 +7378,12 @@ msgstr ""
 "contrasenya és correcta."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr "S'admeten els valors següents:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -7380,7 +7392,7 @@ msgstr ""
 "determinar si el compte ha caducat."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -7389,7 +7401,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -7397,7 +7409,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -7406,7 +7418,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -7414,24 +7426,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Llista separada per comes d'opcions de control d'accés. Els valors permesos "
 "són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7441,14 +7453,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7461,12 +7473,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -7476,31 +7488,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -7508,7 +7520,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -7517,31 +7529,31 @@ msgstr ""
 "authorizedService per determinar l'accés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "Per defecte: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -7550,12 +7562,12 @@ msgstr ""
 "s'utilitza més d'una vegada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr "ldap_pwdlockout_dn (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7564,22 +7576,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -7588,13 +7600,13 @@ msgstr ""
 "es fa una cerca. S'admeten les opcions següents:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -7604,7 +7616,7 @@ msgstr ""
 "de la cerca."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -7613,7 +7625,7 @@ msgstr ""
 "només en localitzar l'objecte base de la cerca."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -7622,7 +7634,7 @@ msgstr ""
 "en la recerca i en la localització de l'objecte base de la cerca."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -7631,19 +7643,19 @@ msgstr ""
 "biblioteques de client LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7654,7 +7666,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7662,64 +7674,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 #, fuzzy
 #| msgid "debug_level (integer)"
 msgid "ldap_library_debug_level (integer)"
 msgstr "debug_level (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 #, fuzzy
 #| msgid "Default: 0 (disabled)"
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr "Per defecte: 0 (inhabilitat)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 #, fuzzy
 #| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "ldap_id_mapping (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7727,14 +7739,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_deref_threshold (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_deref_threshold (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7757,12 +7769,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr "OPCIONS DE SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7770,43 +7782,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr "Per defecte: 21600 (6 hores)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7814,14 +7826,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7831,21 +7843,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_idmap_range_size (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7853,7 +7865,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7861,106 +7873,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7969,59 +7981,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr "OPCIONS D'AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr "Per defecte: auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "OPCIONS AVANÇADES"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -8030,22 +8042,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr "</note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -8054,14 +8066,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "EXEMPLE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -8072,7 +8084,7 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -8085,7 +8097,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -8093,19 +8105,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -8121,13 +8133,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -8189,7 +8201,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "OPCIONS"
 
@@ -13296,7 +13308,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -13448,7 +13460,7 @@ msgstr "La contrasenya per ofuscar es llegirà de l'entrada estàndard."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -15393,21 +15405,26 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir "
 "informació detallada de la sintaxi."
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-H</option>,<option>--ssh-hosts</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-H</option>,<option>--ssh-hosts</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -15415,12 +15432,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -15434,7 +15451,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -15442,7 +15459,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -15451,10 +15468,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index 03a24e9c7f..7c682da425 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-09-02 11:38+0000\n"
 "Last-Translator: Jan Kalabza <jan.kalabza@gmail.com>\n"
 "Language-Team: Czech <https://translate.fedoraproject.org/projects/sssd/sssd-"
@@ -229,10 +229,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -251,10 +251,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -288,8 +288,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -319,8 +319,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Výchozí: 10"
 
@@ -387,7 +387,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr ""
 
@@ -407,12 +407,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (řetězec)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -420,39 +420,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "uživatelské jméno"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -613,8 +613,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -885,7 +885,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -916,25 +916,34 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -942,7 +951,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -961,12 +970,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -975,22 +984,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1000,17 +1009,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1020,19 +1029,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 200000"
 msgid "Default: 60, KCM: 300"
 msgstr "Výchozí: 200000"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1043,14 +1052,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1058,46 +1067,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "Výchozí: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 #, fuzzy
 #| msgid "ldap_idmap_range_max (integer)"
 msgid "offline_timeout_max (integer)"
 msgstr "ldap_idmap_range_max (celé číslo)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1106,62 +1115,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 200000"
 msgid "Default: 3600"
 msgstr "Výchozí: 200000"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "offline_timeout_random_offset (integer)"
 msgstr "ldap_idmap_range_size (celé číslo)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 msgid "Default: 30"
 msgstr "Výchozí: 30"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1173,58 +1182,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "Výchozí: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1235,7 +1244,7 @@ msgstr ""
 "doménu."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1245,7 +1254,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1254,17 +1263,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "Výchozí: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1272,17 +1281,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Výchozí: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1290,17 +1299,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1309,7 +1318,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1318,41 +1327,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1360,23 +1369,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "příklad: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1384,47 +1393,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1432,74 +1441,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1508,39 +1517,39 @@ msgstr ""
 "platný."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1548,27 +1557,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "memcache_size_group (integer)"
 msgstr "ldap_idmap_range_size (celé číslo)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1576,19 +1585,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1596,14 +1605,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "ldap_idmap_range_size (celé číslo)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1612,12 +1621,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1628,43 +1637,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 msgid "Default: <quote>*</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1673,60 +1682,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1734,59 +1743,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Výchozí: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1795,51 +1804,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1850,23 +1859,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1874,7 +1883,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1883,17 +1892,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr "Zobrazit varování N dnů před skončením platnosti hesla."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1901,32 +1910,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1936,75 +1945,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "Výchozí: nic"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2012,19 +2021,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2032,46 +2041,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "Výchozí: true (pravda)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "Výchozí: false (nepravda)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2079,34 +2088,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr "Výchozí:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2116,7 +2125,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2124,63 +2133,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr "Kolik sekund bude pam_sss čekat na dokončení p11_child."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "timeout (celé kladné číslo)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 #, fuzzy
 #| msgid "simple_allow_users (string)"
 msgid "pam_p11_allowed_services (string)"
 msgstr "simple_allow_users (řetězec)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2188,7 +2197,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2200,63 +2209,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr "přihlášení"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2264,12 +2273,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2280,7 +2289,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2288,7 +2297,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2296,7 +2305,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2305,47 +2314,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr "vždy"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr "nikdy"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2354,30 +2363,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2385,7 +2394,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2393,22 +2402,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Příklad: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2416,19 +2425,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2436,7 +2445,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2451,7 +2460,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2459,45 +2468,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2505,7 +2514,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2513,17 +2522,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2534,24 +2543,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2561,22 +2570,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2584,22 +2593,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2608,12 +2617,12 @@ msgstr ""
 "zaheslovat."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2622,17 +2631,17 @@ msgstr ""
 "byly vyžádány klíče hostitele."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2641,12 +2650,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2656,7 +2665,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2664,7 +2673,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2673,38 +2682,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2715,7 +2724,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2726,24 +2735,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2751,19 +2760,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2772,7 +2781,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2781,26 +2790,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 #, fuzzy
 #| msgid "krb5_rcache_dir (string)"
 msgid "pac_check (string)"
 msgstr "krb5_rcache_dir (řetězec)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2811,24 +2820,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2836,24 +2845,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2865,7 +2874,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2876,60 +2885,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2939,49 +2948,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr "\"vše\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr "Všichni uživatelé jsou zaznamenáni."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -2990,17 +2999,17 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3011,17 +3020,17 @@ msgstr ""
 "mezer, změně velikosti písmen, atd."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3032,7 +3041,7 @@ msgstr ""
 "nahrazení mezer, změn velikosti písmen, atd."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3041,61 +3050,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 #, fuzzy
 #| msgid "simple_deny_users (string)"
 msgid "exclude_users (string)"
 msgstr "simple_deny_users (řetězec)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 #, fuzzy
 #| msgid "simple_deny_groups (string)"
 msgid "exclude_groups (string)"
 msgstr "simple_deny_groups (řetězec)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3105,12 +3114,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3119,14 +3128,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3135,38 +3144,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3175,24 +3184,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3201,36 +3210,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3244,14 +3253,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3260,14 +3269,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3275,32 +3284,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3309,19 +3318,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3332,108 +3341,108 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -3442,31 +3451,31 @@ msgstr ""
 "dlouhou dobu ponechávat klíč hostitel v mezipaměti."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3475,17 +3484,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3497,18 +3506,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3519,7 +3528,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3528,12 +3537,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3545,19 +3554,19 @@ msgstr ""
 "otisk do mezipaměti."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3566,17 +3575,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3585,28 +3594,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3614,7 +3623,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3622,8 +3631,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3631,8 +3640,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3640,19 +3649,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3661,7 +3670,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3669,24 +3678,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3698,7 +3707,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3706,30 +3715,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3737,7 +3746,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3745,30 +3754,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3776,19 +3785,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3797,7 +3806,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3805,29 +3814,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3835,7 +3844,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3843,35 +3852,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3879,32 +3888,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3915,7 +3924,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3924,12 +3933,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3937,7 +3946,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3945,31 +3954,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3977,7 +3986,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3986,17 +3995,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4004,36 +4013,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4041,7 +4050,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4049,7 +4058,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4057,24 +4066,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4082,31 +4091,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4114,7 +4123,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4123,12 +4132,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4138,7 +4147,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
@@ -4147,17 +4156,17 @@ msgstr ""
 # auto translated by TM merge from project: Fedora Websites, version:
 # fedorahosted.org, DocId: po/fedorahosted
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4166,19 +4175,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4188,93 +4197,93 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 #, fuzzy
 #| msgid "dns_resolver_timeout"
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 #, fuzzy
 #| msgid "dns_resolver_op_timeout"
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_op_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4282,17 +4291,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Výchozí: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4301,14 +4310,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "dns_resolver_timeout"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4316,7 +4325,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4324,38 +4333,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: TRUE"
 msgstr "Výchozí: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "dns_resolver_op_timeout"
 msgid "failover_primary_timeout (integer)"
 msgstr "dns_resolver_op_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4363,59 +4372,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "Výchozí: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4423,31 +4432,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4455,120 +4464,120 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 #, fuzzy
 #| msgid "dns_resolver_timeout"
 msgid "ldap_search_timeout"
 msgstr "dns_resolver_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 #, fuzzy
 #| msgid "dns_resolver_timeout"
 msgid "ldap_network_timeout"
 msgstr "dns_resolver_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 #, fuzzy
 #| msgid "dns_resolver_op_timeout"
 msgid "ldap_opt_timeout"
 msgstr "dns_resolver_op_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "dns_resolver_timeout"
 msgid "ldap_offline_timeout"
 msgstr "dns_resolver_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "dns_resolver_op_timeout"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "dns_resolver_op_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "dns_resolver_op_timeout"
 msgid "ldap_enumeration_search_timeout"
 msgstr "dns_resolver_op_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "dns_resolver_op_timeout"
 msgid "ldap_connection_expire_timeout"
 msgstr "dns_resolver_op_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "dns_resolver_op_timeout"
 msgid "ldap_connection_expire_offset"
 msgstr "dns_resolver_op_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4576,27 +4585,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4606,34 +4615,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr "Různé štítky uložené službou nastavování realmd pro tuto doménu."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4642,19 +4651,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4662,14 +4671,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "simple_deny_users (string)"
 msgid "local_auth_policy (string)"
 msgstr "simple_deny_users (řetězec)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4681,7 +4690,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4693,7 +4702,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4701,44 +4710,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "simple_deny_users (string)"
 msgid "local_auth_policy = match (default)"
 msgstr "simple_deny_users (řetězec)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4747,7 +4756,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4758,7 +4767,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4766,38 +4775,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: match"
 msgstr "Výchozí: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4806,24 +4815,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4833,14 +4842,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4848,21 +4857,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4870,7 +4879,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4879,7 +4888,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4888,7 +4897,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4896,17 +4905,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4914,12 +4923,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4927,12 +4936,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4940,12 +4949,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4954,12 +4963,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4967,19 +4976,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4996,7 +5005,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -5004,17 +5013,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -5023,7 +5032,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -5033,7 +5042,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5053,12 +5062,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5069,69 +5078,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5144,7 +5153,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5152,7 +5161,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5161,43 +5170,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5205,12 +5214,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5219,17 +5228,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5237,26 +5246,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5265,17 +5274,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5285,7 +5294,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5294,59 +5303,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5355,7 +5364,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5364,7 +5373,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5375,17 +5384,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5393,46 +5402,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5441,7 +5450,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5449,12 +5458,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5483,7 +5492,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5492,7 +5501,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5500,7 +5509,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5511,7 +5520,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5522,7 +5531,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6107,7 +6116,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6196,20 +6205,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6217,17 +6229,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6235,12 +6247,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6248,7 +6260,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6259,7 +6271,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6268,7 +6280,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6276,12 +6288,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6289,7 +6301,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6297,26 +6309,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6324,7 +6336,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6332,7 +6344,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6340,41 +6352,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6384,32 +6396,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6417,12 +6429,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6430,12 +6442,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6443,17 +6455,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6464,24 +6476,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6492,12 +6504,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6510,7 +6522,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6522,17 +6534,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6540,49 +6552,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6590,28 +6602,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6623,7 +6635,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6631,7 +6643,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6639,39 +6651,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6681,7 +6693,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6689,26 +6701,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6717,7 +6729,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6725,31 +6737,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6762,51 +6774,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6815,12 +6827,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6836,12 +6848,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6850,14 +6862,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6866,24 +6878,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6891,19 +6903,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6912,7 +6924,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6920,7 +6932,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6929,7 +6941,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6937,22 +6949,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6962,14 +6974,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6982,12 +6994,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6997,31 +7009,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -7029,50 +7041,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7081,67 +7093,67 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -7150,7 +7162,7 @@ msgstr ""
 "používají schéma dle normy RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7161,7 +7173,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7169,60 +7181,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_library_debug_level (integer)"
 msgstr "ldap_idmap_range_size (celé číslo)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7230,14 +7242,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_idmap_range_size (celé číslo)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7260,12 +7272,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7273,43 +7285,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7317,14 +7329,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7334,21 +7346,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_idmap_range_size (celé číslo)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7356,7 +7368,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7364,106 +7376,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7472,59 +7484,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr "Název v LDAP hlavní mapy pro automatické připojování."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7533,22 +7545,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7557,14 +7569,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7572,7 +7584,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7585,7 +7597,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7593,19 +7605,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7621,13 +7633,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7682,7 +7694,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "VOLBY"
 
@@ -12584,7 +12596,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12716,7 +12728,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14468,21 +14480,26 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-?</option>,<option>--help</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-?</option>,<option>--help</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14490,12 +14507,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14509,7 +14526,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14517,7 +14534,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14526,10 +14543,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/de.po b/src/man/po/de.po
index 6d55376432..3b719237c2 100644
--- a/src/man/po/de.po
+++ b/src/man/po/de.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2021-02-02 14:40+0000\n"
 "Last-Translator: Sumit Bose <sbose@redhat.com>\n"
 "Language-Team: German <https://translate.fedoraproject.org/projects/sssd/"
@@ -235,10 +235,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -257,10 +257,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -296,8 +296,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -327,8 +327,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Voreinstellung: 10"
 
@@ -407,7 +407,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (Zeichenkette)"
 
@@ -430,12 +430,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -447,32 +447,32 @@ msgstr ""
 "zusammengestellt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "Benutzername"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -481,7 +481,7 @@ msgstr ""
 "direkt konfiguriert als auch über IPA-Trust"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -659,8 +659,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -939,7 +939,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr "Voreinstellung: Nicht gesetzt"
@@ -974,29 +974,38 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 #, fuzzy
 #| msgid "ipa_automount_location (string)"
 msgid "passkey_verification (string)"
 msgstr "ipa_automount_location (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 #, fuzzy
 #| msgid "ipa_automount_location (string)"
 msgid "user_verification (boolean)"
 msgstr "ipa_automount_location (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -1004,7 +1013,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -1035,12 +1044,12 @@ msgstr ""
 "verwendet. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "DIENSTABSCHNITTE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -1053,22 +1062,22 @@ msgstr ""
 "Abschnitt zum Beispiel <quote>[nss]</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "Allgemeine Optionen zum Konfigurieren von Diensten"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1084,17 +1093,17 @@ msgstr ""
 "Begrenzung in der »limit.conf« sein."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1104,19 +1113,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 60, KCM: 300"
 msgstr "Voreinstellung: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1127,14 +1136,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1142,46 +1151,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "Voreinstellung: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 #, fuzzy
 #| msgid "offline_timeout (integer)"
 msgid "offline_timeout_max (integer)"
 msgstr "offline_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1190,64 +1199,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 3600"
 msgstr "Voreinstellung: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 #, fuzzy
 #| msgid "offline_timeout (integer)"
 msgid "offline_timeout_random_offset (integer)"
 msgstr "offline_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 30"
 msgstr "Voreinstellung: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1259,30 +1268,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "Voreinstellung: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr "NSS-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1290,12 +1299,12 @@ msgstr ""
 "benutzt werden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1304,17 +1313,17 @@ msgstr ""
 "über alle Nutzer) zwischenspeichern?"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "Voreinstellung: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1326,7 +1335,7 @@ msgstr ""
 "werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1343,7 +1352,7 @@ msgstr ""
 "Zwischenspeicheraktualisierung zu warten."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1356,17 +1365,17 @@ msgstr ""
 "Sekunden senken. (0 schaltet diese Funktionalität aus.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "Voreinstellung: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1378,17 +1387,17 @@ msgstr ""
 "Backend erneut gefragt wird)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Voreinstellung: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1396,17 +1405,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1415,7 +1424,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1424,17 +1433,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "Voreinstellung: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1442,12 +1451,12 @@ msgstr ""
 "setzen Sie diese Option auf »false«."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1456,7 +1465,7 @@ msgstr ""
 "es nicht explizit durch den Datenanbieter der Domain angegeben wurde."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1464,7 +1473,7 @@ msgstr ""
 "»override_homedir«."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1474,25 +1483,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-"
 "Verzeichnisse)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr "override_shell (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1503,19 +1512,19 @@ msgstr ""
 "entweder im Abschnitt [nss] oder für jede Domain gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert "
 "benutzen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1523,12 +1532,12 @@ msgstr ""
 "Reihenfolge der Auswertung ist:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1537,7 +1546,7 @@ msgstr ""
 "shells« steht, wird der Wert des Parameters »shell_fallback« verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1546,12 +1555,12 @@ msgstr ""
 "steht, wird eine Nicht-Login-Shell benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1559,13 +1568,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 "Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1574,28 +1583,28 @@ msgstr ""
 "Fall einer neu installierten Shell ein Neustart von SSSD nötig ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1603,17 +1612,17 @@ msgstr ""
 "auf dem Rechner installiert ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "Voreinstellung: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1623,7 +1632,7 @@ msgstr ""
 "jede Domain gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1633,12 +1642,12 @@ msgstr ""
 "Vernünftiges, üblicherweise /bin/sh, ersetzt.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1647,43 +1656,43 @@ msgstr ""
 "gültig erachtet wird."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_timeout (integer)"
 msgstr "enum_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_passwd (integer)"
 msgstr "enum_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1691,27 +1700,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_group (integer)"
 msgstr "enum_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1719,21 +1728,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "Voreinstellung: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_initgroups (integer)"
 msgstr "enum_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1741,14 +1750,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "enum_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1757,12 +1766,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr "user_attributes (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1773,38 +1782,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: <quote>permit</quote>"
 msgid "Default: <quote>*</quote>"
 msgstr "Voreinstellung: »permit«"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 #, fuzzy
 #| msgid "This option can also be set per-domain."
 msgid ""
@@ -1813,7 +1822,7 @@ msgid ""
 msgstr "Diese Option kann auch pro Domain gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1822,12 +1831,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr "PAM-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1836,12 +1845,12 @@ msgstr ""
 "Authentication Module« (PAM) einzurichten."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1851,17 +1860,17 @@ msgstr ""
 "erfolgreichen Anmeldung)?"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "Voreinstellung: 0 (unbegrenzt)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1870,12 +1879,12 @@ msgstr ""
 "Authentifizierungsanbieter offline ist?"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1885,7 +1894,7 @@ msgstr ""
 "Anmeldeversuch möglich ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1897,17 +1906,17 @@ msgstr ""
 "Authentifizierung reaktivieren."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "Voreinstellung: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1916,45 +1925,45 @@ msgstr ""
 "angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr "Derzeit unterstützt SSSD folgende Werte:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Voreinstellung: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 #, fuzzy
 #| msgid "ad_access_filter (string)"
 msgid "pam_response_filter (string)"
 msgstr "ad_access_filter (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1963,51 +1972,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -2018,23 +2027,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -2046,7 +2055,7 @@ msgstr ""
 "den neusten Informationen erfolgt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -2060,17 +2069,17 @@ msgstr ""
 "viele Abfragen der Identitätsanbieter zu vermeiden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2081,7 +2090,7 @@ msgstr ""
 "SSSD keine Warnung anzeigen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -2091,7 +2100,7 @@ msgstr ""
 "automatisch angezeigt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -2100,18 +2109,18 @@ msgstr ""
 "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Voreinstellung: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -2121,75 +2130,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "Voreinstellung: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2197,19 +2206,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2217,48 +2226,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 #, fuzzy
 #| msgid "ldap_chpass_update_last_change (bool)"
 msgid "pam_passkey_auth (bool)"
 msgstr "ldap_chpass_update_last_change (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "Voreinstellung: True"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "Voreinstellung: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2266,36 +2275,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 #, fuzzy
 #| msgid "ipa_automount_location (string)"
 msgid "pam_cert_verification (string)"
 msgstr "ipa_automount_location (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2305,7 +2314,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, fuzzy, no-wrap
 #| msgid ""
 #| "fallback_homedir = /home/%u\n"
@@ -2318,63 +2327,63 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "pam_id_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 #, fuzzy
 #| msgid "simple_allow_users (string)"
 msgid "pam_p11_allowed_services (string)"
 msgstr "simple_allow_users (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2382,7 +2391,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2394,63 +2403,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2458,12 +2467,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2474,7 +2483,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2482,7 +2491,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2490,7 +2499,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2499,47 +2508,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2548,17 +2557,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 #, fuzzy
 #| msgid "Comma separated list of users who are allowed to log in."
 msgid ""
@@ -2567,13 +2576,13 @@ msgid ""
 msgstr "Durch Kommata getrennte Liste von Benutzern, die sich anmelden dürfen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2581,7 +2590,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, fuzzy, no-wrap
 #| msgid ""
 #| "fallback_homedir = /home/%u\n"
@@ -2594,22 +2603,22 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2617,19 +2626,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2637,7 +2646,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2652,7 +2661,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2660,45 +2669,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2706,7 +2715,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2714,7 +2723,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 #, fuzzy
 #| msgid "Default: not set (no substitution for unset home directories)"
 msgid "Default: not set (use of authentication indicators is not required)"
@@ -2723,12 +2732,12 @@ msgstr ""
 "Verzeichnisse)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr "Sudo-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2746,12 +2755,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -2761,12 +2770,12 @@ msgstr ""
 "nicht."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2776,23 +2785,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr "AUTOFS-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 "Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2803,23 +2812,23 @@ msgstr ""
 "nicht existierende), bevor das Backend erneut befragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr "SSH-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 "Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2828,12 +2837,12 @@ msgstr ""
 "»known_hosts« zusammengemischt werden oder nicht."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2842,17 +2851,17 @@ msgstr ""
 "»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr "Voreinstellung: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2861,12 +2870,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2876,7 +2885,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2884,7 +2893,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2893,38 +2902,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr "PAC-Responder-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2935,7 +2944,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2946,7 +2955,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -2955,18 +2964,18 @@ msgstr ""
 "diesen Gruppen hinzugefügt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2977,7 +2986,7 @@ msgstr ""
 "beim Starten zu UIDs aufgelöst."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 #, fuzzy
 #| msgid ""
 #| "Default: 0 (only the root user is allowed to access the PAC responder)"
@@ -2989,14 +2998,14 @@ msgstr ""
 "Responder gestattet.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-"
 "Responder gestattet.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 #, fuzzy
 #| msgid ""
 #| "Please note that although the UID 0 is used as the default it will be "
@@ -3015,7 +3024,7 @@ msgstr ""
 "der Liste der erlaubten UIDs auch die 0 hinzufügen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -3028,26 +3037,26 @@ msgstr ""
 "der Liste der erlaubten UIDs auch die 0 hinzufügen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 #, fuzzy
 #| msgid "ldap_schema (string)"
 msgid "pac_check (string)"
 msgstr "ldap_schema (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -3058,24 +3067,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -3083,24 +3092,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -3112,7 +3121,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -3123,41 +3132,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -3170,19 +3179,19 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -3192,66 +3201,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3259,17 +3268,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3277,7 +3286,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3286,65 +3295,65 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 #, fuzzy
 #| msgid "simple_deny_users (string)"
 msgid "exclude_users (string)"
 msgstr "simple_deny_users (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No users excluded."
 msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 #, fuzzy
 #| msgid "simple_deny_groups (string)"
 msgid "exclude_groups (string)"
 msgstr "simple_deny_groups (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No groups excluded."
 msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "DOMAIN-ABSCHNITTE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3354,12 +3363,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3368,14 +3377,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3384,31 +3393,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -3417,7 +3426,7 @@ msgstr ""
 "enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3430,7 +3439,7 @@ msgstr ""
 "werden jene, die im Bereich liegen, wie erwartet gemeldet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -3439,17 +3448,17 @@ msgstr ""
 "den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr "enumerate (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3458,36 +3467,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Benutzer und Gruppen werden aufgezählt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = keine Aufzählungen für diese Domain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "Voreinstellung: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3501,7 +3510,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -3511,7 +3520,7 @@ msgstr ""
 "Ergebnisse zurück."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3526,7 +3535,7 @@ msgstr ""
 "benutzten »id_provider«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -3535,7 +3544,7 @@ msgstr ""
 "insbesondere in großen Umgebungen, nicht empfohlen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3543,32 +3552,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3582,12 +3591,12 @@ msgstr ""
 "Domains aktivieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -3596,7 +3605,7 @@ msgstr ""
 "soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3614,17 +3623,17 @@ msgstr ""
 "wurden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "Voreinstellung: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -3633,19 +3642,19 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr "Voreinstellung: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -3654,12 +3663,12 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -3668,12 +3677,12 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -3682,24 +3691,24 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -3708,12 +3717,12 @@ msgstr ""
 "bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -3723,36 +3732,36 @@ msgstr ""
 "wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -3762,7 +3771,7 @@ msgstr ""
 "abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3771,19 +3780,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu "
 "setzen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3795,18 +3804,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr "Voreinstellung: 0 (deaktiviert)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3817,7 +3826,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3826,12 +3835,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3843,19 +3852,19 @@ msgstr ""
 "gespeichert zu werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3868,17 +3877,17 @@ msgstr ""
 "Parameters muss größer oder gleich »offline_credentials_expiration« sein."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "Voreinstellung: 0 (unbegrenzt)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3891,17 +3900,17 @@ msgstr ""
 "Authentifizierungsanbieter konfiguriert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr "id_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -3909,12 +3918,12 @@ msgstr ""
 "werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3922,7 +3931,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3933,8 +3942,8 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 #, fuzzy
 #| msgid ""
 #| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
@@ -3952,8 +3961,8 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3965,12 +3974,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -3980,7 +3989,7 @@ msgstr ""
 "Benutzers, der an NSS gemeldet wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3994,7 +4003,7 @@ msgstr ""
 "test@LOCAL</command> würde ihn hingegen finden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -4006,24 +4015,24 @@ msgstr ""
 "nicht voll qualifizierter Name angefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -4035,7 +4044,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -4043,23 +4052,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr "auth_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -4068,7 +4077,7 @@ msgstr ""
 "Authentifizierungsanbieter werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4079,7 +4088,7 @@ msgstr ""
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4091,19 +4100,19 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 "»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "»none« deaktiviert explizit die Authentifizierung."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -4112,12 +4121,12 @@ msgstr ""
 "mit Authentifizierungsanfragen umgehen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr "access_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -4128,7 +4137,7 @@ msgstr ""
 "Backends enthalten sind). Interne Spezialanbieter sind:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -4137,12 +4146,12 @@ msgstr ""
 "für eine lokale Domain."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr "»deny« verweigert dem Zugriff immer."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -4155,7 +4164,7 @@ msgstr ""
 "simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -4163,22 +4172,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr "Voreinstellung: »permit«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -4187,7 +4196,7 @@ msgstr ""
 "Folgende Anbieter von Passwortänderungen werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4195,7 +4204,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4207,19 +4216,19 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 "»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "»none« verbietet explizit Passwortänderungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -4228,19 +4237,19 @@ msgstr ""
 "kann mit Passwortänderungsanfragen umgehen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden "
 "unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4251,7 +4260,7 @@ msgstr ""
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -4260,7 +4269,7 @@ msgstr ""
 "Vorgabeeinstellungen für IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -4269,19 +4278,19 @@ msgstr ""
 "Vorgabeeinstellungen für AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "»none« deaktiviert explizit Sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -4298,7 +4307,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -4307,12 +4316,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -4323,7 +4332,7 @@ msgstr ""
 "Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4335,12 +4344,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -4349,12 +4358,12 @@ msgstr ""
 "kann SELinux-Ladeanfragen handhaben."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -4364,7 +4373,7 @@ msgstr ""
 "werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4376,7 +4385,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -4385,17 +4394,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "»none« deaktiviert explizit das Abholen von Subdomains."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4403,30 +4412,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -4434,7 +4443,7 @@ msgstr ""
 "»autofs« werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4446,7 +4455,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4458,7 +4467,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4466,17 +4475,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "»none« deaktiviert explizit »autofs«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -4485,7 +4494,7 @@ msgstr ""
 "wird. Folgende Anbieter von »hostid« werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4497,31 +4506,31 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "»none« deaktiviert explizit »hostid«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4529,7 +4538,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4538,12 +4547,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4558,7 +4567,7 @@ msgstr ""
 "(NetBIOS-) Namen der Domain entsprechen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 #, fuzzy
 #| msgid ""
 #| "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
@@ -4574,17 +4583,17 @@ msgstr ""
 "P&lt;Name&gt;[^@\\\\]+)$))« "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr "Benutzername"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr "Benutzername@Domain.Name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 #, fuzzy
 #| msgid ""
 #| "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
@@ -4602,12 +4611,12 @@ msgstr ""
 "P&lt;Name&gt;[^@\\\\]+)$))« "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr "Domain\\Benutzername"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -4617,7 +4626,7 @@ msgstr ""
 "Windows-Domains zu ermöglichen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4627,17 +4636,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Voreinstellung: »%1$s@%2$s«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -4645,80 +4654,80 @@ msgstr ""
 "ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr "unterstützte Werte:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse "
 "nachzuschlagen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse "
 "nachzuschlagen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr "Voreinstellung: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr "Voreinstellung: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4726,17 +4735,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Voreinstellung: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4745,14 +4754,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4760,7 +4769,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4768,17 +4777,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "Voreinstellung: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -4787,19 +4796,19 @@ msgstr ""
 "DNS-Dienstabfrage an."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "failover_primary_timeout (integer)"
 msgstr "pam_id_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4807,59 +4816,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "Voreinstellung: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr "override_gid (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr "überschreibt die Haupt-GID mit der angegebenen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4867,14 +4876,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -4887,17 +4896,17 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4905,128 +4914,128 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 #, fuzzy
 #| msgid "ldap_search_timeout (integer)"
 msgid "ldap_search_timeout"
 msgstr "ldap_search_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 #, fuzzy
 #| msgid "ldap_network_timeout (integer)"
 msgid "ldap_network_timeout"
 msgstr "ldap_network_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
 msgid "ldap_opt_timeout"
 msgstr "ldap_opt_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_offline_timeout"
 msgstr "ldap_connection_expire_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_offset"
 msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 #, fuzzy
 #| msgid "ldap_purge_cache_timeout (integer)"
 msgid "ldap_purge_cache_offset"
 msgstr "ldap_purge_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 #, fuzzy
 #| msgid "ldap_krb5_ticket_lifetime (integer)"
 msgid "ldap_krb5_ticket_lifetime"
 msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "ldap_enumeration_search_timeout (integer)"
 msgid "ldap_enumeration_search_timeout"
 msgstr "ldap_enumeration_search_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_timeout"
 msgstr "ldap_connection_expire_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_offset"
 msgstr "ldap_connection_expire_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_idle_timeout"
 msgstr "ldap_connection_expire_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -5034,27 +5043,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "flacher (NetBIOS-) Name einer Subdomain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -5069,7 +5078,7 @@ msgstr ""
 "verwendet werden.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -5077,17 +5086,17 @@ msgstr ""
 "überschrieben werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Voreinstellung: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -5095,12 +5104,12 @@ msgstr ""
 "Kennzeichnungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -5109,19 +5118,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -5129,14 +5138,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy (string)"
 msgstr "ldap_pwd_policy (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -5148,7 +5157,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -5160,7 +5169,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -5168,44 +5177,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy = match (default)"
 msgstr "ldap_pwd_policy (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr "IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr "AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -5214,7 +5223,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -5225,7 +5234,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -5233,38 +5242,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: cn"
 msgid "Default: match"
 msgstr "Voreinstellung: cn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -5273,24 +5282,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -5300,14 +5309,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -5315,21 +5324,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -5337,7 +5346,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -5346,7 +5355,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -5355,7 +5364,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -5367,17 +5376,17 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr "das Proxy-Ziel, an das PAM weiterleitet"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 #, fuzzy
 #| msgid ""
 #| "Default: not set by default, you have to take an existing pam "
@@ -5392,12 +5401,12 @@ msgstr ""
 "hinzufügen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -5408,12 +5417,12 @@ msgstr ""
 "»_nss_$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -5421,12 +5430,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -5440,12 +5449,12 @@ msgstr ""
 "veranlassen, die ID im Zwischenspeicher nachzuschlagen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -5453,7 +5462,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -5462,12 +5471,12 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -5484,7 +5493,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -5492,17 +5501,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -5511,7 +5520,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -5521,7 +5530,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5541,12 +5550,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5557,69 +5566,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5632,7 +5641,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5640,7 +5649,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5649,43 +5658,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5693,12 +5702,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5707,17 +5716,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5725,26 +5734,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5753,17 +5762,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5773,7 +5782,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5782,59 +5791,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5843,7 +5852,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5852,7 +5861,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5863,17 +5872,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5881,39 +5890,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -5926,7 +5935,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5935,7 +5944,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5943,12 +5952,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, fuzzy, no-wrap
 #| msgid ""
 #| "[sssd]\n"
@@ -6026,7 +6035,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -6035,7 +6044,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -6043,7 +6052,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -6054,7 +6063,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -6065,7 +6074,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6769,7 +6778,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr "Voreinstellung: 900 (15 Minuten)"
 
@@ -6882,12 +6891,22 @@ msgstr "deaktiviert die Bereichsabfrage von Active Directory"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
-msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+#, fuzzy
+#| msgid ""
+#| "Active Directory limits the number of members to be retrieved in a single "
+#| "lookup using the MaxValRange policy (which defaults to 1500 members). If "
+#| "a group contains more members, the reply would include an AD-specific "
+#| "range extension. This option disables parsing of the range extension, "
+#| "therefore large groups will appear as having no members."
+msgid ""
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 "Active Directory begrenzt die Anzahl der Mitglieder, die in einem einzigen "
 "Nachschlagen mittels der MaxValRange-Richtlinie empfangen werden können (die "
@@ -6897,12 +6916,12 @@ msgstr ""
 "es so aussehen, als ob große Gruppen keine Mitglieder hätten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6913,19 +6932,19 @@ msgstr ""
 "Werte dieser Option werden durch OpenLDAP definiert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 "Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in "
 "»ldap.conf« angegeben)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6933,12 +6952,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6950,7 +6969,7 @@ msgstr ""
 "nachgeschlagen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6961,7 +6980,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6974,7 +6993,7 @@ msgstr ""
 "unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6985,12 +7004,12 @@ msgstr ""
 "Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6998,7 +7017,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -7006,12 +7025,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -7021,7 +7040,7 @@ msgstr ""
 "Werte angegeben werden:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -7030,7 +7049,7 @@ msgstr ""
 "oder anfordern."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7042,7 +7061,7 @@ msgstr ""
 "Sitzung fährt normal fort."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7053,7 +7072,7 @@ msgstr ""
 "ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -7064,22 +7083,22 @@ msgstr ""
 "sofort beendet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = entspricht »demand«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr "Voreinstellung: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -7088,7 +7107,7 @@ msgstr ""
 "die <command>sssd</command> erkennen wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -7097,12 +7116,12 @@ msgstr ""
 "<filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 #, fuzzy
 #| msgid ""
 #| "Specifies the path of a directory that contains Certificate Authority "
@@ -7124,33 +7143,33 @@ msgstr ""
 "Erstellen der korrekten Namen verwendet werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 "gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr "gibt die Datei an, die den Schlüssel des Clients enthält."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -7158,12 +7177,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 #, fuzzy
 #| msgid ""
 #| "Specifies that the id_provider connection must also use <systemitem "
@@ -7177,12 +7196,12 @@ msgstr ""
 "class=\"protocol\">tls</systemitem> benutzen muss, um den Kanal abzusichern."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -7194,19 +7213,19 @@ msgstr ""
 "verlassen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-"
 "Directory-ObjectSIDs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -7225,24 +7244,24 @@ msgstr ""
 "Abbildung von IDs wählen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -7253,12 +7272,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -7271,7 +7290,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -7283,17 +7302,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr "Voreinstellung Rechner/MeinRechner@BEREICH"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -7304,17 +7323,17 @@ msgstr ""
 "»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr "Voreinstellung: der Wert von »krb5_realm«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -7324,34 +7343,34 @@ msgstr ""
 "Bind in eine kanonische Form zu bringen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "Voreinstellung: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5."
 "keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -7359,28 +7378,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "Voreinstellung: 86400 (24 Stunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -7399,7 +7418,7 @@ msgstr ""
 "Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -7410,7 +7429,7 @@ msgstr ""
 "Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -7422,29 +7441,29 @@ msgstr ""
 "migrieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</"
 "filename>"
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -7454,12 +7473,12 @@ msgstr ""
 "Kerberos >= 1.7 verfügbar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -7475,7 +7494,7 @@ msgstr ""
 "manvolnum> </citerefentry> einrichten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -7486,12 +7505,12 @@ msgstr ""
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -7500,7 +7519,7 @@ msgstr ""
 "Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -7509,7 +7528,7 @@ msgstr ""
 "kann keine Server-seitigen Passwortregelwerke deaktivieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 #, fuzzy
 #| msgid ""
 #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
@@ -7526,7 +7545,7 @@ msgstr ""
 "manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -7538,7 +7557,7 @@ msgstr ""
 "Passwort geändert wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
@@ -7548,17 +7567,17 @@ msgstr ""
 "festgelegten Regel."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -7567,7 +7586,7 @@ msgstr ""
 "mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 #, fuzzy
 #| msgid ""
 #| "Chasing referrals may incur a performance penalty in environments that "
@@ -7591,28 +7610,28 @@ msgstr ""
 "merkliche Leistungsverbesserung bringen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr "Voreinstellung: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -7621,17 +7640,17 @@ msgstr ""
 "soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -7640,7 +7659,7 @@ msgstr ""
 "Passwortänderung mit Unix-Zeit geändert wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -7649,12 +7668,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -7684,12 +7703,12 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Beispiel:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -7701,7 +7720,7 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
@@ -7710,7 +7729,7 @@ msgstr ""
 "beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -7719,17 +7738,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr "Voreinstellung: leer"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -7738,7 +7757,7 @@ msgstr ""
 "Zugriffssteuerungsattribute aktiviert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -7749,12 +7768,12 @@ msgstr ""
 "einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr "Die folgenden Werte sind erlaubt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -7763,7 +7782,7 @@ msgstr ""
 "»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -7776,7 +7795,7 @@ msgstr ""
 "gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -7787,7 +7806,7 @@ msgstr ""
 "Zugriff erlaubt wird oder nicht."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -7800,7 +7819,7 @@ msgstr ""
 "Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -7811,24 +7830,24 @@ msgstr ""
 "»ldap_account_expire_policy« funktioniert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte "
 "sind erlaubt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7838,14 +7857,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7858,12 +7877,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -7873,31 +7892,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -7905,7 +7924,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -7914,33 +7933,33 @@ msgstr ""
 "»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
 "ob Zugriff gewährt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "Voreinstellung: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -7949,12 +7968,12 @@ msgstr ""
 "mehr als einmal benutzt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7963,22 +7982,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -7987,12 +8006,12 @@ msgstr ""
 "folgenden Optionen sind erlaubt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -8002,7 +8021,7 @@ msgstr ""
 "Suche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -8011,7 +8030,7 @@ msgstr ""
 "der Suche dereferenziert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -8020,7 +8039,7 @@ msgstr ""
 "Orten des Basisobjekts der Suche dereferenziert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -8029,12 +8048,12 @@ msgstr ""
 "<emphasis>never</emphasis> gehandhabt.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -8043,7 +8062,7 @@ msgstr ""
 "beizubehalten, die das Schema RFC2307 benutzen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -8061,7 +8080,7 @@ msgstr ""
 "getpw*() oder initgroups() abzurufen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -8072,64 +8091,64 @@ msgstr ""
 "die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 #, fuzzy
 #| msgid "debug_level (integer)"
 msgid "ldap_library_debug_level (integer)"
 msgstr "debug_level (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 #, fuzzy
 #| msgid "Default: 0 (disabled)"
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr "Voreinstellung: 0 (deaktiviert)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 #, fuzzy
 #| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "ldap_id_mapping (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -8137,14 +8156,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_deref_threshold (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_deref_threshold (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -8167,12 +8186,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr "SUDO-OPTIONEN"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -8183,12 +8202,12 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -8198,7 +8217,7 @@ msgstr ""
 "heruntergeladen werden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -8207,24 +8226,24 @@ msgstr ""
 "emphasis> sein."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr "Voreinstellung: 21600 (6 Stunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -8232,7 +8251,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -8241,7 +8260,7 @@ msgstr ""
 "das Attribut »modifyTimestamp« benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -8251,21 +8270,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_idmap_range_size (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -8273,7 +8292,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -8281,17 +8300,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -8301,12 +8320,12 @@ msgstr ""
 "Netzwerkadressen und Rechnernamen)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -8315,7 +8334,7 @@ msgstr ""
 "Domain-Namen, die zum Filtern der Regeln benutzt werden sollen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -8324,8 +8343,8 @@ msgstr ""
 "voll qualifizierten Domain-Namen automatisch herauszufinden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -8334,17 +8353,17 @@ msgstr ""
 "emphasis> ist, hat diese Option keine Auswirkungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr "Voreinstellung: nicht angegeben"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -8353,7 +8372,7 @@ msgstr ""
 "Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -8362,12 +8381,12 @@ msgstr ""
 "herauszufinden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -8376,12 +8395,12 @@ msgstr ""
 "eine Netzgruppe im Attribut »sudoHost« enthält."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -8390,14 +8409,14 @@ msgstr ""
 "einen Platzhalter im Attribut »sudoHost« enthält."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -8410,59 +8429,59 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr "AUTOFS-OPTIONEN"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr "Der Name der Automount-Master-Abbildung in LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr "Voreinstellung: auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "ERWEITERTE OPTIONEN"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -8471,22 +8490,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -8495,14 +8514,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "BEISPIEL"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -8513,7 +8532,7 @@ msgstr ""
 "gesetzt ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -8526,7 +8545,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -8534,19 +8553,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -8562,13 +8581,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ANMERKUNGEN"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -8631,7 +8650,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "OPTIONEN"
 
@@ -13941,7 +13960,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr "EXIT-STATUS"
@@ -14095,7 +14114,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -16113,8 +16132,13 @@ msgstr ""
 "<command>sss_ssh_knownhostsproxy</command> zur Authentifizierung des "
 "Rechnerschlüssels benutzt: <placeholder type=\"programlisting\" id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -16122,14 +16146,14 @@ msgstr ""
 "Schlüsseln für den Rechner."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-R</option>,<option>--no-remove</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-R</option>,<option>--no-remove</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -16137,12 +16161,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -16156,7 +16180,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -16164,7 +16188,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -16173,14 +16197,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 #, fuzzy
 #| msgid ""
 #| "In case of success, an exit value of 0 is returned. Otherwise, 1 is "
 #| "returned."
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 "Im Erfolgsfall ist der Rückgabewert 0, andernfalls wird 1 zurückgegeben."
 
diff --git a/src/man/po/es.po b/src/man/po/es.po
index 4bb1deb10d..51abf6b68c 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -18,7 +18,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2021-10-27 15:05+0000\n"
 "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n"
 "Language-Team: Spanish <https://translate.fedoraproject.org/projects/sssd/"
@@ -288,10 +288,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -313,10 +313,10 @@ msgstr ""
 "se ignora."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -357,8 +357,8 @@ msgstr ""
 "configuración no tiene efecto para otro tipo de registros)."
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -391,8 +391,8 @@ msgstr ""
 "Advierta que después de tres pulsaciones perdidas el servicio se terminará."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Predeterminado: 10"
 
@@ -484,7 +484,7 @@ msgstr ""
 "\"/\" está prohibido."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (cadena)"
 
@@ -509,12 +509,12 @@ msgstr ""
 "las SECCIONES DOMINIO para mas información sobre estas expresiones regulares."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -526,33 +526,33 @@ msgstr ""
 "dominio."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "nombre de usuario"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 "nombre de dominio como se especifica en el fichero de configuración SSSD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -562,7 +562,7 @@ msgstr ""
 "medio de IPA de confianza."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -768,8 +768,8 @@ msgstr ""
 "cuando se use la opción default_domain_suffix."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -1132,7 +1132,7 @@ msgstr ""
 "casos donde los nombres de usuarios se deben compartir entre dominios."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr "Por defecto: No definido"
@@ -1167,29 +1167,38 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 #, fuzzy
 #| msgid "certificate_verification (string)"
 msgid "passkey_verification (string)"
 msgstr "certificate_verification (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 #, fuzzy
 #| msgid "certificate_verification (string)"
 msgid "user_verification (boolean)"
 msgstr "certificate_verification (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -1197,7 +1206,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 #, fuzzy
 #| msgid ""
 #| "With this parameter the certificate verification can be tuned with a "
@@ -1230,12 +1239,12 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "SECCIONES DE SERVICIOS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -1248,22 +1257,22 @@ msgstr ""
 "sección sería <quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "Opciones de configuración de servicios generales"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1278,17 +1287,17 @@ msgstr ""
 "valor más bajo de este o de limite “hard” en limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1303,17 +1312,17 @@ msgstr ""
 "configura un valor más bajo será ajustado a 10 segundos."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 msgid "Default: 60, KCM: 300"
 msgstr "Predeterminado: 60, KCM: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1331,7 +1340,7 @@ msgstr ""
 "nuevo intervalo se calcula mediante lo siguiente:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
@@ -1340,7 +1349,7 @@ msgstr ""
 "offline_timeout_random_offset]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1352,46 +1361,46 @@ msgstr ""
 "segundos antes del próximo reintento."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "Predeterminado: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 #, fuzzy
 #| msgid "offline_timeout (integer)"
 msgid "offline_timeout_max (integer)"
 msgstr "offline_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1400,66 +1409,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 3600"
 msgstr "Predeterminado: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 #, fuzzy
 #| msgid "offline_timeout + random_offset"
 msgid "offline_timeout_random_offset (integer)"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 #, fuzzy
 #| msgid "offline_timeout + random_offset"
 msgid "[0 - offline_timeout_random_offset]"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 30"
 msgstr "Predeterminado: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr "responder_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1478,18 +1487,18 @@ msgstr ""
 "los servicios activados son socket o D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "Predeterminado: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr "cache_first"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
@@ -1498,12 +1507,12 @@ msgstr ""
 "de consultar a los Proveedores de Datos."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr "Opciones de configuración de NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1511,12 +1520,12 @@ msgstr ""
 "Switch (NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1525,17 +1534,17 @@ msgstr ""
 "sobre todos los usuarios)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "Predeterminado: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1546,7 +1555,7 @@ msgstr ""
 "valor de entry_cache_timeout para el dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1562,7 +1571,7 @@ msgstr ""
 "actualización del cache."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1575,17 +1584,17 @@ msgstr ""
 "segundos. (0 deshabilita esta función)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "Predeterminado: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1596,17 +1605,17 @@ msgstr ""
 "entradas no existentes) antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Predeterminado: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr "local_negative_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1617,17 +1626,17 @@ msgstr ""
 "otra vez. Fijando la opción a 0 deshabilita esta característica."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr "Por defecto: 14400 (4 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1641,7 +1650,7 @@ msgstr ""
 "usuario (UPN)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1654,17 +1663,17 @@ msgstr ""
 "filtrado mantendrá los usuarios miembros del listado posterior."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "Predeterminado: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1672,12 +1681,12 @@ msgstr ""
 "opción a false."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1686,7 +1695,7 @@ msgstr ""
 "especificado una explícitamente por el proveedor de datos del dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1694,7 +1703,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1704,24 +1713,24 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Por defecto: no fijado (sin sustitución para los directorios home no fijados)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr "override_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1732,17 +1741,17 @@ msgstr ""
 "la sección [nss] o por dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1750,12 +1759,12 @@ msgstr ""
 "evaluación es:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1764,7 +1773,7 @@ msgstr ""
 "shells</quote>, usa el valor del parámetro shell_fallback."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1773,12 +1782,12 @@ msgstr ""
 "shells</quote>, se usará un shell de no acceso."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr "Se puede usar el comodín (*) para permitir cualquier shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1789,12 +1798,12 @@ msgstr ""
 "los shells permitidos en allowed_shells estuviera llena."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "Una cadena vacía para el shell se pasa como-es a libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1804,27 +1813,27 @@ msgstr ""
 "una nueva shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1832,17 +1841,17 @@ msgstr ""
 "máquina."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "Predeterminado: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1852,7 +1861,7 @@ msgstr ""
 "o por dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1862,12 +1871,12 @@ msgstr ""
 "normalmente /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1876,14 +1885,14 @@ msgstr ""
 "considerada válida."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_timeout (integer)"
 msgstr "enum_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
@@ -1892,7 +1901,7 @@ msgstr ""
 "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
@@ -1902,8 +1911,8 @@ msgstr ""
 "pruebas."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
@@ -1912,14 +1921,14 @@ msgstr ""
 "las aplicaciones clientes no usaran la memoria cache rápida."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_passwd (integer)"
 msgstr "enum_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 #, fuzzy
 #| msgid ""
 #| "Specifies time in seconds for which records in the in-memory cache will "
@@ -1933,13 +1942,13 @@ msgstr ""
 "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr "Predeterminado: 8"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 #, fuzzy
 #| msgid ""
 #| "WARNING: Disabling the in-memory cache will have significant negative "
@@ -1953,14 +1962,14 @@ msgstr ""
 "pruebas."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_group (integer)"
 msgstr "enum_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 #, fuzzy
 #| msgid ""
 #| "Specifies time in seconds for which records in the in-memory cache will "
@@ -1974,21 +1983,21 @@ msgstr ""
 "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "Predeterminado: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_initgroups (integer)"
 msgstr "enum_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 #, fuzzy
 #| msgid ""
 #| "Specifies time in seconds for which records in the in-memory cache will "
@@ -2002,14 +2011,14 @@ msgstr ""
 "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "enum_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 #, fuzzy
 #| msgid ""
 #| "Specifies time in seconds for which records in the in-memory cache will "
@@ -2024,12 +2033,12 @@ msgstr ""
 "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr "user_attributes (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -2047,7 +2056,7 @@ msgstr ""
 "predeterminados."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
@@ -2056,17 +2065,17 @@ msgstr ""
 "opción InfoPipe si no está fijada para el contestador NSS."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr "Por defecto: no ajustada, retroceder a opción InfoPipe"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr "pwfield (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
@@ -2075,14 +2084,14 @@ msgstr ""
 "para el campo <quote>password</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: <quote>permit</quote>"
 msgid "Default: <quote>*</quote>"
 msgstr "Predeterminado: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 #, fuzzy
 #| msgid "This option can also be set per-domain."
 msgid ""
@@ -2091,7 +2100,7 @@ msgid ""
 msgstr "Esta opción puede ser también fijada por dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 #, fuzzy
 #| msgid ""
 #| "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the "
@@ -2106,12 +2115,12 @@ msgstr ""
 "ficheros de dominio)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr "Opciones de configuración PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -2120,12 +2129,12 @@ msgstr ""
 "Authentication Module (PAM)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -2134,17 +2143,17 @@ msgstr ""
 "los accesos escondidos (en días desde el último login en línea con éxito)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "Predeterminado: 0 (Sin límite)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -2153,12 +2162,12 @@ msgstr ""
 "login fallados están permitidos."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -2168,7 +2177,7 @@ msgstr ""
 "intento de login sea posible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -2179,17 +2188,17 @@ msgstr ""
 "éxito puede habilitar otra vez la autenticación fuera de línea."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "Predeterminado: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -2198,46 +2207,46 @@ msgstr ""
 "autenticación. Cuanto mayor sea el número de mensajes más aparecen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr "Actualmente sssd soporta los siguientes valores:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
 "depuración"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Predeterminado: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 #, fuzzy
 #| msgid "pam_response_filter (integer)"
 msgid "pam_response_filter (string)"
 msgstr "pam_response_filter (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -2250,7 +2259,7 @@ msgstr ""
 "variables de entorno que deberían ser fijadas por pam_sss."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
@@ -2259,37 +2268,37 @@ msgstr ""
 "pam_verbosity esta opción permite filtrar otra clase de respuestas también."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr "ENV"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr "No envía ninguna variable de entorno a ningún servicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr "ENV:var_name"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr "No envía la variable de entorno var_name a  ningún servicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr "ENV:var_name:service"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr "No envía la variable de entorno var_name al servicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -2298,7 +2307,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -2309,25 +2318,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 #, fuzzy
 #| msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr "Ejemplo: ENV:KRB5CCNAME:sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -2339,7 +2348,7 @@ msgstr ""
 "información más actual."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -2353,17 +2362,17 @@ msgstr ""
 "proveedor de identidad."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2374,7 +2383,7 @@ msgstr ""
 "información desaparece, sssd no podrá mostrar un aviso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -2384,7 +2393,7 @@ msgstr ""
 "automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -2393,18 +2402,18 @@ msgstr ""
 "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Predeterminado: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -2419,12 +2428,12 @@ msgstr ""
 "nombres de usuarios se resuelven a UIDs en el arranque."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr "Por defecto: Todos los usuarios se consideran de confianza por defecto"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
@@ -2433,12 +2442,12 @@ msgstr ""
 "aunque no está en la la lista pam_trusted_users."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
@@ -2447,13 +2456,13 @@ msgstr ""
 "accesibles hasta para los usuarios en los que no se confíe."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 "Hay definidos dos valores especiales para la opción pam_public_domains:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
@@ -2461,7 +2470,7 @@ msgstr ""
 "dominios en el contestador PAM.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
@@ -2470,19 +2479,19 @@ msgstr ""
 "dominios PAM en el contestador.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "Predeterminado: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
@@ -2491,7 +2500,7 @@ msgstr ""
 "mensaje predeterminado 'Permiso denegado'."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
@@ -2501,7 +2510,7 @@ msgstr ""
 "mensajes e información de depuración)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2511,12 +2520,12 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr "pam_account_locked_message (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
@@ -2525,7 +2534,7 @@ msgstr ""
 "por defecto 'Permiso denegado'."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2535,48 +2544,48 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 #, fuzzy
 #| msgid "pam_cert_auth (bool)"
 msgid "pam_passkey_auth (bool)"
 msgstr "pam_cert_auth (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "Predeterminado: True"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "Por defecto: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr "pam_cert_auth (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2587,22 +2596,22 @@ msgstr ""
 "de autenticación esta opción está deshabilitada por defecto."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr "pam_cert_db_path (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr "Predeterminado:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 #, fuzzy
 #| msgid ""
 #| "/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
@@ -2615,14 +2624,14 @@ msgstr ""
 "certificados CA de confianza en formato PEM)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 #, fuzzy
 #| msgid "certificate_verification (string)"
 msgid "pam_cert_verification (string)"
 msgstr "certificate_verification (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 #, fuzzy
 #| msgid ""
 #| "With this parameter the certificate verification can be tuned with a "
@@ -2640,7 +2649,7 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, fuzzy, no-wrap
 #| msgid ""
 #| "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2653,31 +2662,31 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr "p11_child_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr "Cuantos segundos esperará pam_sss wait para que p11_child finalice."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "p11_child_timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "p11_child_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 #, fuzzy
 #| msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgid ""
@@ -2685,12 +2694,12 @@ msgid ""
 msgstr "Cuantos segundos esperará pam_sss wait para que p11_child finalice."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr "pam_app_services (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
@@ -2699,14 +2708,14 @@ msgstr ""
 "tipo <quote>application</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 #, fuzzy
 #| msgid "pam_p11_allowed_services (integer)"
 msgid "pam_p11_allowed_services (string)"
 msgstr "pam_p11_allowed_services (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
@@ -2715,7 +2724,7 @@ msgstr ""
 "permitidos usar Smartcards."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2725,7 +2734,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2745,7 +2754,7 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
@@ -2753,57 +2762,57 @@ msgstr ""
 "incluye:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr "login"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr "su"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr "su-l"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr "gdm-smartcard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr "gdm-password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr "kdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr "sudo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr "sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr "gnome-screensaver"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr "p11_wait_for_card_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2814,12 +2823,12 @@ msgstr ""
 "inserte la Smartcard."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr "p11_uri (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2837,7 +2846,7 @@ msgstr ""
 "específico."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, fuzzy, no-wrap
 #| msgid ""
 #| "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2850,7 +2859,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, fuzzy, no-wrap
 #| msgid ""
 #| "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2863,7 +2872,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2876,47 +2885,47 @@ msgstr ""
 "GnuTLS 'p11tool' con e.g. '--list-all' mostrará PKCS#11 URIs también."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2925,19 +2934,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 #, fuzzy
 #| msgid "pam_app_services (string)"
 msgid "pam_gssapi_services"
 msgstr "pam_app_services (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 #, fuzzy
 #| msgid "Comma separated list of users who are allowed to log in."
 msgid ""
@@ -2946,13 +2955,13 @@ msgid ""
 msgstr "Lista separada por comas de usuarios a los está permitido el acceso."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2960,7 +2969,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, fuzzy, no-wrap
 #| msgid ""
 #| "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2973,22 +2982,22 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2996,19 +3005,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -3016,7 +3025,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -3031,7 +3040,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -3039,45 +3048,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, fuzzy, no-wrap
 #| msgid ""
 #| "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -3090,7 +3099,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -3098,7 +3107,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 #, fuzzy
 #| msgid "Default: not set (no substitution for unset home directories)"
 msgid "Default: not set (use of authentication indicators is not required)"
@@ -3106,12 +3115,12 @@ msgstr ""
 "Por defecto: no fijado (sin sustitución para los directorios home no fijados)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr "SUDO opciones de configuración"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -3129,12 +3138,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -3143,12 +3152,12 @@ msgstr ""
 "entradas de sudoers dependientes del tiempo."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr "sudo_threshold (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -3164,22 +3173,22 @@ msgstr ""
 "comando."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr "Opciones de configuración AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -3190,22 +3199,22 @@ msgstr ""
 "existentes) antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr "Opciones de configuración SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr "Estas opciones se pueden usar para configurar el servicio SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -3214,12 +3223,12 @@ msgstr ""
 "known_host. "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -3228,17 +3237,17 @@ msgstr ""
 "después de que se hayan pedido sus claves de host."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr "Por defecto: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr "ssh_use_certificate_keys (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -3252,12 +3261,12 @@ msgstr ""
 "manvolnum> </citerefentry> for details."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr "ssh_use_certificate_matching_rules (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -3272,7 +3281,7 @@ msgstr ""
 "de reglas que coincidan y mapeen. Todas las demás reglas serán ignoradas."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -3280,7 +3289,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -3289,26 +3298,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr "ca_db (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
@@ -3318,12 +3327,12 @@ msgstr ""
 "públicas ssh de ellos."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr "Opciones de configuración del respondedor PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -3341,7 +3350,7 @@ msgstr ""
 "se hacen algunas de las siguientes operaciones:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -3357,7 +3366,7 @@ msgstr ""
 "predeterminado, pero se puede sustituir con el parámetro default_shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -3366,17 +3375,17 @@ msgstr ""
 "a esos grupos."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -3386,7 +3395,7 @@ msgstr ""
 "usuario que tiene el acceso permitido al respondedor PAC."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 #, fuzzy
 #| msgid ""
 #| "Default: 0 (only the root user is allowed to access the PAC responder)"
@@ -3398,14 +3407,14 @@ msgstr ""
 "respondedor PAC)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Por defecto: 0 (sólo el usuario root tiene permitido el acceso al "
 "respondedor PAC)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 #, fuzzy
 #| msgid ""
 #| "Please note that although the UID 0 is used as the default it will be "
@@ -3424,7 +3433,7 @@ msgstr ""
 "lista de UIDs permitidas también."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -3437,12 +3446,12 @@ msgstr ""
 "lista de UIDs permitidas también."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr "pac_lifetime (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
@@ -3452,14 +3461,14 @@ msgstr ""
 "usuario."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 #, fuzzy
 #| msgid "ldap_schema (string)"
 msgid "pac_check (string)"
 msgstr "ldap_schema (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -3470,24 +3479,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -3495,24 +3504,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -3524,7 +3533,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -3535,41 +3544,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -3582,19 +3591,19 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr "Opciones de configuración de la grabación de sesión"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -3610,32 +3619,32 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr "Se pueden usar estas opciones para configurar la grabación de sesión."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr "scope (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr "\"none\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr "NO se grabaron usuarios."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr "\"some\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
@@ -3644,17 +3653,17 @@ msgstr ""
 "replaceable> y<replaceable>groups</replaceable> son grabados."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr "\"all\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr "Se graban todos los usuarios."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -3663,17 +3672,17 @@ msgstr ""
 "grabación: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr "Predeterminado: \"none\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr "users (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3685,17 +3694,17 @@ msgstr ""
 "mayúsculas/minúsculas, etc."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr "Predeterminado: Vacío. No hay usuarios coincidentes."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr "groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3707,7 +3716,7 @@ msgstr ""
 "minúsculas, etc."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3720,65 +3729,65 @@ msgstr ""
 "pertenece el usuario."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr "Predeterminado: Vacío. No empareja grupos."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 #, fuzzy
 #| msgid "users (string)"
 msgid "exclude_users (string)"
 msgstr "users (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 #, fuzzy
 #| msgid "Default: Empty. Matches no users."
 msgid "Default: Empty. No users excluded."
 msgstr "Predeterminado: Vacío. No hay usuarios coincidentes."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 #, fuzzy
 #| msgid "groups (string)"
 msgid "exclude_groups (string)"
 msgstr "groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 #, fuzzy
 #| msgid "Default: Empty. Matches no groups."
 msgid "Default: Empty. No groups excluded."
 msgstr "Predeterminado: Vacío. No empareja grupos."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "SECCIONES DE DOMINIO"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3788,12 +3797,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr "domain_type (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3806,7 +3815,7 @@ msgstr ""
 "disponibles para las interfaces y utilidades de sistema operativo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
@@ -3815,7 +3824,7 @@ msgstr ""
 "<quote>application</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3828,7 +3837,7 @@ msgstr ""
 "manvolnum> </citerefentry>) y el contestador PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
@@ -3837,7 +3846,7 @@ msgstr ""
 "<quote>id_provider=ldap</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
@@ -3846,17 +3855,17 @@ msgstr ""
 "<quote>Dominios aplicación</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr "Predeterminado: posix"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr "min_id, max_id (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -3865,7 +3874,7 @@ msgstr ""
 "está fuera de estos límites, ésta es ignorada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3878,7 +3887,7 @@ msgstr ""
 "reportados como en espera."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -3887,17 +3896,17 @@ msgstr ""
 "devolviéndolas por nombre o ID."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr "enumerar (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3910,22 +3919,22 @@ msgstr ""
 "Este parámetros puede tener uno de los siguientes valores:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Usuarios y grupos son enumerados"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = Sin enumeraciones para este dominio"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "Predeterminado: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
@@ -3934,14 +3943,14 @@ msgstr ""
 "entradas de usuario y grupo del servidor remoto."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 #, fuzzy
 #| msgid ""
 #| "Note: Enabling enumeration has a moderate performance impact on SSSD "
@@ -3976,7 +3985,7 @@ msgstr ""
 "guardián interno."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -3986,7 +3995,7 @@ msgstr ""
 "completen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -4000,7 +4009,7 @@ msgstr ""
 "específico id_provider en uso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -4009,7 +4018,7 @@ msgstr ""
 "especialmente en entornos grandes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -4017,32 +4026,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Se enumerarán todos los dominios de confianza descubiertos"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr "No serán enumerados dominios de confianza descubiertos"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -4055,12 +4064,12 @@ msgstr ""
 "enumeración solo para estos dominios de confianza."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -4069,7 +4078,7 @@ msgstr ""
 "volver a consultar al backend"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -4087,17 +4096,17 @@ msgstr ""
 "están en la caché."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "Predeterminado: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -4106,19 +4115,19 @@ msgstr ""
 "antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr "Por defecto: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -4127,12 +4136,12 @@ msgstr ""
 "antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -4141,12 +4150,12 @@ msgstr ""
 "válidas antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -4155,24 +4164,24 @@ msgstr ""
 "antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -4181,12 +4190,12 @@ msgstr ""
 "preguntar al backend otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -4195,12 +4204,12 @@ msgstr ""
 "automontaje válidos antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -4209,24 +4218,24 @@ msgstr ""
 "cuanto guardar en caché la clave de host."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -4236,7 +4245,7 @@ msgstr ""
 "expirados o a punto de hacerlo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -4249,18 +4258,18 @@ msgstr ""
 "login), tanto la entrada usuario y la membresia de grupo son actualizados."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 "Esta opción se hereda automáticamente para todos los dominios de confianza."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr "Usted puede considerar ajustar este valor a 3/4 * entry_cache_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -4272,18 +4281,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr "Predeterminado: 0 (deshabilitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -4294,7 +4303,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -4303,12 +4312,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr "cache_credentials_minimal_first_factor_length (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -4320,7 +4329,7 @@ msgstr ""
 "SHA512 en el caché."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
@@ -4330,12 +4339,12 @@ msgstr ""
 "bruta."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -4348,17 +4357,17 @@ msgstr ""
 "grande o igual que offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "Predeterminado: 0 (ilimitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -4371,17 +4380,17 @@ msgstr ""
 "configurar un proveedor de autorización para el backend."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr "id_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -4389,12 +4398,12 @@ msgstr ""
 "soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr "<quote>proxy</quote>: Soporta un proveedor NSS heredado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -4406,7 +4415,7 @@ msgstr ""
 "grupos locales en SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -4417,8 +4426,8 @@ msgstr ""
 "información sobre la configuración de LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 #, fuzzy
 #| msgid ""
 #| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
@@ -4436,8 +4445,8 @@ msgstr ""
 "configuración de FreeIPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4449,12 +4458,12 @@ msgstr ""
 "Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -4464,7 +4473,7 @@ msgstr ""
 "NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -4478,7 +4487,7 @@ msgstr ""
 "command> lo haría."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -4490,24 +4499,24 @@ msgstr ""
 "cualificado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr "No devuelve miembros de grupo para búsquedas de grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -4526,7 +4535,7 @@ msgstr ""
 "devolver el grupo pedido como si estuviera vacío."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -4537,23 +4546,23 @@ msgstr ""
 "especialmente para grupos que contienen muchos miembros."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr "auth_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -4562,7 +4571,7 @@ msgstr ""
 "autenticación soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4573,7 +4582,7 @@ msgstr ""
 "citerefentry> para más información sobre la configuración LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4584,7 +4593,7 @@ msgstr ""
 "citerefentry> para más información sobre la configuración de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -4592,12 +4601,12 @@ msgstr ""
 "objetivo PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> deshabilita la autenticación explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -4606,12 +4615,12 @@ msgstr ""
 "manejar las peticiones de autenticación."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr "access_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -4622,7 +4631,7 @@ msgstr ""
 "proveedores especiales internos son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -4631,12 +4640,12 @@ msgstr ""
 "sólo permitido para un dominio local."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> siempre niega el acceso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -4649,7 +4658,7 @@ msgstr ""
 "configuración del módulo de acceso sencillo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -4661,23 +4670,23 @@ msgstr ""
 "Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 "<quote>proxy</quote> para transmitir control de acceso a otro módulo PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr "Predeterminado: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -4686,7 +4695,7 @@ msgstr ""
 "el dominio. Los proveedores de cambio de passweord soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4698,7 +4707,7 @@ msgstr ""
 "configuración de LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4709,7 +4718,7 @@ msgstr ""
 "citerefentry> para más información sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -4717,13 +4726,13 @@ msgstr ""
 "otros objetivos PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 "<quote>none</quote> deniega explícitamente los cambios en la contraseña."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -4732,18 +4741,18 @@ msgstr ""
 "puede manejar las peticiones de cambio de password."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4754,7 +4763,7 @@ msgstr ""
 "citerefentry> para más información sobre la configuración LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -4763,7 +4772,7 @@ msgstr ""
 "predeterminados IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -4772,19 +4781,19 @@ msgstr ""
 "predeterminados AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote>deshabilita SUDO explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -4801,7 +4810,7 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -4815,12 +4824,12 @@ msgstr ""
 "desea usar sudo cn SSSD mas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -4831,7 +4840,7 @@ msgstr ""
 "finalice. Los proveedores selinux soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4843,14 +4852,14 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> deshabilita ir a buscar los ajustes selinux "
 "explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -4859,12 +4868,12 @@ msgstr ""
 "manejar las peticiones de carga selinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -4874,7 +4883,7 @@ msgstr ""
 "soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4886,7 +4895,7 @@ msgstr ""
 "configuración de IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -4899,18 +4908,18 @@ msgstr ""
 "configuración del proveedor AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 "<quote>none</quote> deshabilita el buscador de subdominios explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr "session_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4922,14 +4931,14 @@ msgstr ""
 "de sesiones soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 "<quote>ipa</quote> para permitir llevar a cabo tareas relacionadas con la "
 "sesión de usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
@@ -4937,7 +4946,7 @@ msgstr ""
 "de usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
@@ -4946,12 +4955,12 @@ msgstr ""
 "llevar a cabo tareas relacionadas con la sesión de usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -4959,7 +4968,7 @@ msgstr ""
 "son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4971,7 +4980,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4983,7 +4992,7 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4995,17 +5004,17 @@ msgstr ""
 "proveedor AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> deshabilita autofs explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -5014,7 +5023,7 @@ msgstr ""
 "proveedores de hostid soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -5026,31 +5035,31 @@ msgstr ""
 "configuración de IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> deshabilita hostid explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -5058,7 +5067,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -5067,12 +5076,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -5087,7 +5096,7 @@ msgstr ""
 "dominios Active Directory, el nombre plano (NetBIOS) del dominio."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 #, fuzzy
 #| msgid ""
 #| "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
@@ -5104,17 +5113,17 @@ msgstr ""
 "nombres de usuario:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr "nombre de usuario"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 #, fuzzy
 #| msgid ""
 #| "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
@@ -5133,12 +5142,12 @@ msgstr ""
 "nombres de usuario:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr "dominio/nombre_de_usuario"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -5148,7 +5157,7 @@ msgstr ""
 "dominios Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -5158,17 +5167,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -5177,57 +5186,57 @@ msgstr ""
 "a usar cuando se lleven a cabo búsquedas DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr "Valores soportados:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr "Predeterminado: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
@@ -5236,19 +5245,19 @@ msgstr ""
 "información sobre la resolución del servicio."
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr "Predeterminado: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -5256,17 +5265,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Predeterminado: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -5279,14 +5288,14 @@ msgstr ""
 "trabajando en modo offline."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -5294,7 +5303,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -5302,17 +5311,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "Predeterminado: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -5321,20 +5330,20 @@ msgstr ""
 "de dominio de la pregunta al descubridor de servicio DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "p11_wait_for_card_timeout (integer)"
 msgid "failover_primary_timeout (integer)"
 msgstr "p11_wait_for_card_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -5342,61 +5351,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "Predeterminado: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr "override_gid (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr "Anula el valor primario GID con el especificado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 "Distingue mayúsculas y minúsculas. Este valor es invalido para el proveedor "
 "AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr "No sensible a mayúsculas minúsculas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr "Preserving"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -5408,14 +5417,14 @@ msgstr ""
 "protocolo) están en minúsculas en la salida."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 #, fuzzy
 #| msgid ""
 #| "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
@@ -5426,17 +5435,17 @@ msgstr ""
 "Las opciones disponibles son: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr "Predeterminado: True (False para proveedor AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -5448,61 +5457,61 @@ msgstr ""
 "siguientes opciones:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 #, fuzzy
 #| msgid "ldap_search_timeout (integer)"
 msgid "ldap_search_timeout"
 msgstr "ldap_search_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 #, fuzzy
 #| msgid "ldap_network_timeout (integer)"
 msgid "ldap_network_timeout"
 msgstr "ldap_network_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
 msgid "ldap_opt_timeout"
 msgstr "ldap_opt_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_offline_timeout"
 msgstr "ldap_connection_expire_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "ldap_enumeration_refresh_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_offset"
 msgstr "ldap_enumeration_refresh_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 #, fuzzy
 #| msgid "ldap_purge_cache_timeout"
 msgid "ldap_purge_cache_offset"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
@@ -5511,71 +5520,71 @@ msgstr ""
 "explícitamente ldap_krb5_keytab)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 #, fuzzy
 #| msgid "ldap_krb5_ticket_lifetime (integer)"
 msgid "ldap_krb5_ticket_lifetime"
 msgstr "ldap_krb5_ticket_lifetime (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "ldap_enumeration_search_timeout (integer)"
 msgid "ldap_enumeration_search_timeout"
 msgstr "ldap_enumeration_search_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_timeout"
 msgstr "ldap_connection_expire_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_offset"
 msgstr "ldap_connection_expire_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_idle_timeout"
 msgstr "ldap_connection_expire_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 #, fuzzy
 #| msgid "auto_private_groups (string)"
 msgid "auto_private_groups"
 msgstr "auto_private_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 #, fuzzy
 #| msgid "Case insensitive."
 msgid "case_sensitive"
 msgstr "No sensible a mayúsculas minúsculas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -5585,27 +5594,27 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr "Aviso: Esta opción solo trabaja con el proveedor IPA y AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "flat (NetBIOS) nombre de un subdominio."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -5621,7 +5630,7 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -5629,17 +5638,17 @@ msgstr ""
 "emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Por defecto: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -5647,12 +5656,12 @@ msgstr ""
 "este dominio."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr "cached_auth_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -5665,7 +5674,7 @@ msgstr ""
 "incorrectas, SSSD cae de nuevo a la autenticación en linea."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
@@ -5675,12 +5684,12 @@ msgstr ""
 "confianza."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr "El valor especial 0 implica que esta función está deshabilitada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -5691,14 +5700,14 @@ msgstr ""
 "gestionar <quote>initgroups.</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy (string)"
 msgstr "ldap_pwd_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -5710,7 +5719,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -5722,7 +5731,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -5730,46 +5739,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy = match (default)"
 msgstr "ldap_pwd_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 #, fuzzy
 #| msgid "gdm-smartcard"
 msgid "Smartcard"
 msgstr "gdm-smartcard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr "IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr "AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -5778,7 +5787,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -5789,7 +5798,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -5797,31 +5806,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: mail"
 msgid "Default: match"
 msgstr "Predeterminado: mail"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr "auto_private_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr "true"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
@@ -5830,7 +5839,7 @@ msgstr ""
 "usuario.  El número GID se ignora en este caso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -5843,12 +5852,12 @@ msgstr ""
 "unicidad den el espacio de ID."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr "false"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
@@ -5857,12 +5866,12 @@ msgstr ""
 "a un  objeto grupo en las base de datos LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr "hybrid"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -5877,7 +5886,7 @@ msgstr ""
 "grupo, el GID primario del usuario se resuelve al de ese objeto grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
@@ -5886,7 +5895,7 @@ msgstr ""
 "una entrada de grupo, de otro modo el GID simplemente no se puede resolver."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -5897,7 +5906,7 @@ msgstr ""
 "también desea retener los grupos privados existentes del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -5906,7 +5915,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
@@ -5915,7 +5924,7 @@ msgstr ""
 "POSIX IDs asignados y True para subdominios que usan mapeo de ID automático."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -5925,7 +5934,7 @@ msgstr ""
 "auto_private_groups = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -5937,7 +5946,7 @@ msgstr ""
 "auto_private_groups = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -5951,7 +5960,7 @@ msgstr ""
 "type=\"programlisting\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -5963,17 +5972,17 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr "El proxy de destino PAM próximo a."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 #, fuzzy
 #| msgid ""
 #| "Default: not set by default, you have to take an existing pam "
@@ -5987,12 +5996,12 @@ msgstr ""
 "pam existente o crear una nueva y añadir el nombre de servicio aquí."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -6003,12 +6012,12 @@ msgstr ""
 "_nss_$(libName)_$(function), por ejemplo _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -6016,12 +6025,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -6035,12 +6044,12 @@ msgstr ""
 "razones de rendimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr "proxy_max_children (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -6052,7 +6061,7 @@ msgstr ""
 "son encoladas."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -6061,12 +6070,12 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr "Dominios de aplicaciones"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -6095,7 +6104,7 @@ msgstr ""
 "que opcionalmente herede ajustes de un dominio SSSD tradicional."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -6107,17 +6116,17 @@ msgstr ""
 "establecido correctamente."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr "Parámetros de dominio de aplicación"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr "inherit_from (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -6130,7 +6139,7 @@ msgstr ""
 "<quote>hermano</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -6145,7 +6154,7 @@ msgstr ""
 "cache y hace al atributo phone alcanzable a través del interfaz D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -6179,12 +6188,12 @@ msgstr ""
 "ldap_user_extra_attrs = phone:telephoneNumber\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr "SECCIÓN DE DOMINIO DE CONFIANZA"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -6201,57 +6210,57 @@ msgstr ""
 "soportadas en la sección de dominio de confianza son:"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr "ldap_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr "ldap_user_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr "ldap_group_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr "ldap_netgroup_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr "ldap_service_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr "ldap_sasl_mech,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr "ad_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr "ad_backup_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr "ad_site,"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr "use_fully_qualified_names"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
@@ -6260,12 +6269,12 @@ msgstr ""
 "página de manual."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr "SECCIÓN DE MAPEO DEL CERTIFICADO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -6287,7 +6296,7 @@ msgstr ""
 "usan autenticación PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -6299,7 +6308,7 @@ msgstr ""
 "citerefentry>)."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -6313,12 +6322,12 @@ msgstr ""
 "opciones:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr "matchrule (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
@@ -6327,7 +6336,7 @@ msgstr ""
 "procesados, los demás son ignorados."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
@@ -6336,17 +6345,17 @@ msgstr ""
 "tengan Extended Key Usage <quote>clientAuth</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr "maprule (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr "Define como se encuentra un usuario desde un certificado dado."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
@@ -6355,7 +6364,7 @@ msgstr ""
 "como <quote>ldap</quote>, <quote>AD</quote> o <quote>ipa</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -6363,12 +6372,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr "domains (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -6381,17 +6390,17 @@ msgstr ""
 "usada para añadir la regla a los subdominios también."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr "Predetermiado: el dominio configurado en sssd.conf"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr "priority (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -6402,12 +6411,12 @@ msgstr ""
 "más alte mientras que <quote>4294967295</quote> es la más baja."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr "Predeterminado: la prioridad más baja"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
@@ -6417,7 +6426,7 @@ msgstr ""
 "propiedades especiales:"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
@@ -6426,7 +6435,7 @@ msgstr ""
 "usuario coincidente"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -6439,17 +6448,17 @@ msgstr ""
 "short_name})</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr "la opción <quote>domains</quote> es ignorada"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr "SECCIÓN DE CONFIGURACIÓN INICIAL"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -6464,7 +6473,7 @@ msgstr ""
 "al usuario las credenciales apropiadas."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -6477,22 +6486,22 @@ msgstr ""
 "Las siguientes opciones deberían suministrar una mejor flexibilidad aquí."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr "[prompting/password]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr "password_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr "cambiar la cadena de solicitud de contraseña"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -6501,37 +6510,37 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr "[prompting/2fa]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr "first_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr "para cambiar la cadena de la solicitud del primer factor"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr "second_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr "para cambiar la cadena de la solicitud para el segundo factor"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr "single_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 #, fuzzy
 #| msgid ""
 #| "boolean value, if True there will be only a single prompt using the value "
@@ -6548,7 +6557,7 @@ msgstr ""
 "única cadena"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -6557,7 +6566,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -6568,19 +6577,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 #, fuzzy
 #| msgid "[prompting/password]"
 msgid "[prompting/passkey]"
 msgstr "[prompting/password]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -6588,47 +6597,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 #, fuzzy
 #| msgid "first_prompt"
 msgid "interactive_prompt"
 msgstr "first_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 #, fuzzy
 #| msgid "to change the string of the password prompt"
 msgid "to change the message of the interactive prompt."
 msgstr "cambiar la cadena de solicitud de contraseña"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 #, fuzzy
 #| msgid "first_prompt"
 msgid "touch_prompt"
 msgstr "first_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 #, fuzzy
 #| msgid "to change the string of the password prompt"
 msgid "to change the message of the touch prompt."
 msgstr "cambiar la cadena de solicitud de contraseña"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 #, fuzzy
 #| msgid ""
 #| "to configure two-factor authentication prompting, allowed options are: "
@@ -6641,7 +6650,7 @@ msgstr ""
 "permitidas son: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 #, fuzzy
 #| msgid ""
 #| "Each supported authentication method has its own configuration subsection "
@@ -6660,7 +6669,7 @@ msgstr ""
 "type=\"variablelist\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -6671,12 +6680,12 @@ msgstr ""
 "pregunta para este servicio."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr "EJEMPLOS"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, fuzzy, no-wrap
 #| msgid ""
 #| "[sssd]\n"
@@ -6754,7 +6763,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -6767,7 +6776,7 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -6777,7 +6786,7 @@ msgstr ""
 "use_fully_qualified_names = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -6794,7 +6803,7 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, fuzzy, no-wrap
 #| msgid ""
 #| "[certmap/my.domain/rule_name]\n"
@@ -6822,7 +6831,7 @@ msgstr ""
 "matchrule = &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$&lt;SUBJECT&gt;^CN=User.Name,DC=MY,DC=DOMAIN$\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 #, fuzzy
 #| msgid ""
 #| "3. The following example shows the configuration for two certificate "
@@ -7555,7 +7564,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr "Predeterminado: 900 (15 minutos)"
 
@@ -7664,12 +7673,22 @@ msgstr "Deshabilitar la recuperación del rango de Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
-msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+#, fuzzy
+#| msgid ""
+#| "Active Directory limits the number of members to be retrieved in a single "
+#| "lookup using the MaxValRange policy (which defaults to 1500 members). If "
+#| "a group contains more members, the reply would include an AD-specific "
+#| "range extension. This option disables parsing of the range extension, "
+#| "therefore large groups will appear as having no members."
+msgid ""
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 "Active Directory limita el número de miembros a recuperar en una única "
 "búsqueda usando la política MaxValRange (que está predeterminada a 1500 "
@@ -7679,12 +7698,12 @@ msgstr ""
 "miembros."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -7695,19 +7714,19 @@ msgstr ""
 "de esta opción son definidos por OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 "Por defecto: Usa el sistema por defecto (normalmente especificado por ldap."
 "conf)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -7715,12 +7734,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -7731,7 +7750,7 @@ msgstr ""
 "deference. Si hay menos miembros desaparecidos, se buscarán individualmente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -7748,7 +7767,7 @@ msgstr ""
 "lo soporta y auncia el control de la desreferencia en el objeto rootDSE."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -7761,7 +7780,7 @@ msgstr ""
 "soportados son 389/RHDS, OpenLDAP y Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -7772,14 +7791,14 @@ msgstr ""
 "será deshabilitado sin tener en cuenta este ajuste."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 #, fuzzy
 #| msgid "ad_gpo_ignore_unreadable (boolean)"
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr "ad_gpo_ignore_unreadable (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -7787,7 +7806,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -7795,12 +7814,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -7810,7 +7829,7 @@ msgstr ""
 "los siguientes valores:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -7819,7 +7838,7 @@ msgstr ""
 "certificado de servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7830,7 +7849,7 @@ msgstr ""
 "certificado malo, será ignorado y la sesión continua normalmente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7841,7 +7860,7 @@ msgstr ""
 "certificado malo, la sesión se termina inmediatamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -7852,22 +7871,22 @@ msgstr ""
 "termina inmediatamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr "Predeterminado: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -7876,7 +7895,7 @@ msgstr ""
 "de Certificación que <command>sssd</command> reconocerá."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -7885,12 +7904,12 @@ msgstr ""
 "etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 #, fuzzy
 #| msgid ""
 #| "Specifies the path of a directory that contains Certificate Authority "
@@ -7912,33 +7931,33 @@ msgstr ""
 "para crear los nombres correctos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 "Especifica el fichero que contiene el certificado para la clave del cliente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr "Especifica el archivo que contiene la clave del cliente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -7949,12 +7968,12 @@ msgstr ""
 "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 #, fuzzy
 #| msgid ""
 #| "Specifies that the id_provider connection must also use <systemitem "
@@ -7968,12 +7987,12 @@ msgstr ""
 "<systemitem class=\"protocol\">tls</systemitem> para proteger el canal."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -7984,18 +8003,18 @@ msgstr ""
 "ldap_user_uid_number y ldap_group_gid_number."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr "ldap_min_id, ldap_max_id (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -8013,17 +8032,17 @@ msgstr ""
 "el servidor. Los subdominios pueden elegir otros rangos para asignar IDs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr "Predeterminado: no establecido (ambas opciones se establecen a 0)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
@@ -8032,7 +8051,7 @@ msgstr ""
 "soportados GSSAPI y GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -8049,12 +8068,12 @@ msgstr ""
 "manvolnum></citerefentry> para más detalles."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -8074,7 +8093,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -8094,17 +8113,17 @@ msgstr ""
 "principal en la pestaña."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr "Por defecto: host/nombre_de_host@REALM"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -8115,17 +8134,17 @@ msgstr ""
 "reino también, esta opción se ignora."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr "Por defecto: el valor de krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -8134,34 +8153,34 @@ msgstr ""
 "para para canocalizar el nombre de host durante una unión SASL."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "Predeterminado: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr "Especifica la pestaña a usar cuando se utiliza SASL/GSSAPI/GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</"
 "filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -8172,12 +8191,12 @@ msgstr ""
 "es GSSAPI o GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
@@ -8185,17 +8204,17 @@ msgstr ""
 "SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "Predeterminado: 86400 (24 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -8214,7 +8233,7 @@ msgstr ""
 "información, vea la sección <quote>SERVICE DISCOVERY</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -8225,7 +8244,7 @@ msgstr ""
 "regresa a _tcp si no se encuentra nada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -8237,30 +8256,30 @@ msgstr ""
 "configuración para usar <quote>krb5_server</quote> en su lugar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 "Especifica el REALM Kerberos (para autorización SASL/GSSAPI/GSS-SPNEGO)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
 "filename>"
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -8269,12 +8288,12 @@ msgstr ""
 "servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -8289,7 +8308,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -8301,12 +8320,12 @@ msgstr ""
 "localizador."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -8315,7 +8334,7 @@ msgstr ""
 "del cliente. Los siguientes valores son permitidos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -8324,7 +8343,7 @@ msgstr ""
 "no puede deshabilitar las políticas de password en el lado servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 #, fuzzy
 #| msgid ""
 #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
@@ -8341,7 +8360,7 @@ msgstr ""
 "manvolnum></citerefentry> para evaluar si la contraseña ha expirado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -8353,7 +8372,7 @@ msgstr ""
 "password."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
@@ -8363,19 +8382,19 @@ msgstr ""
 "establecida por esta opción."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 "Especifica si el seguimiento de referencias automático debería ser "
 "habilitado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -8384,7 +8403,7 @@ msgstr ""
 "está compilado con OpenLDAP versión 2.4.13 o más alta."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 #, fuzzy
 #| msgid ""
 #| "Chasing referrals may incur a performance penalty in environments that "
@@ -8407,29 +8426,29 @@ msgstr ""
 "esta opción a false le llevará a una notable mejora de rendimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Especifica el nombre del servicio para utilizar cuando está habilitado el "
 "servicio de descubrimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr "Predeterminado: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -8439,17 +8458,17 @@ msgstr ""
 "descubrimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -8458,7 +8477,7 @@ msgstr ""
 "desde el Epoch después de una operación de cambio de contraseña."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -8467,12 +8486,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -8500,12 +8519,12 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Ejemplo:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -8517,7 +8536,7 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
@@ -8526,7 +8545,7 @@ msgstr ""
 "usuarios cuyo atributo employeeType esté establecido a \"admin\"."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -8539,17 +8558,17 @@ msgstr ""
 "se les seguirán otorgando acceso sin conexión y viceversa."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr "Predeterminado: vacío"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -8558,7 +8577,7 @@ msgstr ""
 "control de acceso del lado cliente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -8569,12 +8588,12 @@ msgstr ""
 "una código de error definible aunque el password sea correcto."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr "Los siguientes valores están permitidos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -8583,7 +8602,7 @@ msgstr ""
 "determinar si la cuenta ha expirado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -8596,7 +8615,7 @@ msgstr ""
 "se comprueba el tiempo de expiración de la cuenta."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -8607,7 +8626,7 @@ msgstr ""
 "el acceso o no."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -8620,7 +8639,7 @@ msgstr ""
 "permitido. Si ambos atributos están desaparecidos se concede el acceso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -8631,24 +8650,24 @@ msgstr ""
 "la opción ldap_account_expire_policy funcione."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Lista separada por coma de opciones de control de acceso.  Los valores "
 "permitidos son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -8664,7 +8683,7 @@ msgstr ""
 "funciones."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
@@ -8674,7 +8693,7 @@ msgstr ""
 "</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -8696,12 +8715,12 @@ msgstr ""
 "estar establecido para que esta característica funcione."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -8716,31 +8735,31 @@ msgstr ""
 "método distinto a las contraseñas - por ejemplo claves SSH."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 #, fuzzy
 #| msgid ""
 #| "Please note that 'access_provider = ldap' must be set for this feature to "
@@ -8756,7 +8775,7 @@ msgstr ""
 "para una política de contraseña apropiada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -8765,13 +8784,13 @@ msgstr ""
 "autorizedService para determinar el acceso"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
@@ -8780,7 +8799,7 @@ msgstr ""
 "host remoto puede acceder"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
@@ -8790,12 +8809,12 @@ msgstr ""
 "opción de control de acceso"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "Predeterminado: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -8804,12 +8823,12 @@ msgstr ""
 "una vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr "ldap_pwdlockout_dn (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -8823,22 +8842,22 @@ msgstr ""
 "LDAP no pueden verificarse correctamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr "Ejemplo: cn=ppolicy,ou=policies,dc=example,dc=com"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr "Predeterminado: cn=ppolicy,ou=policies,$ldap_search_base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -8847,13 +8866,13 @@ msgstr ""
 "lleva a cabo una búsqueda. Están permitidas las siguientes opciones:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -8863,7 +8882,7 @@ msgstr ""
 "búsqueda."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -8872,7 +8891,7 @@ msgstr ""
 "cuando se localice el objeto base de la búsqueda."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -8881,7 +8900,7 @@ msgstr ""
 "para la búsqueda como en la localización del objeto base de la búsqueda."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -8890,12 +8909,12 @@ msgstr ""
 "librerías cliente LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -8904,7 +8923,7 @@ msgstr ""
 "servidores que usan el esquema RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -8922,7 +8941,7 @@ msgstr ""
 "llamadas getpw*() o initgroups()."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -8933,12 +8952,12 @@ msgstr ""
 "initgroups() aumentará los usuarios locales con los grupos LDAP adicionales."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr "wildcard_limit (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
@@ -8947,53 +8966,53 @@ msgstr ""
 "descargadas durante una búsqueda de comodín."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 "En este momento solo el respondedor InfoPipe soporta búsqueda de comodín"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr "Predeterminado: 1000 (frecuentemente el tamaño de una página)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 #, fuzzy
 #| msgid "debug_level (integer)"
 msgid "ldap_library_debug_level (integer)"
 msgstr "debug_level (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 #, fuzzy
 #| msgid "Default: 0 (disabled)"
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr "Predeterminado: 0 (deshabilitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 #, fuzzy
 #| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "ldap_id_mapping (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -9001,14 +9020,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_deref_threshold (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_deref_threshold (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -9039,12 +9058,12 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr "OPCIONES SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -9055,12 +9074,12 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -9070,7 +9089,7 @@ msgstr ""
 "servidor)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -9079,24 +9098,24 @@ msgstr ""
 "emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr "Por defecto: 21600 (6 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -9108,7 +9127,7 @@ msgstr ""
 "actualmente SSSD)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -9117,7 +9136,7 @@ msgstr ""
 "atributo modifyTimestamp."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -9133,21 +9152,21 @@ msgstr ""
 "<emphasis>ldap_connection_expire_timeout</emphasis>)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_idmap_range_size (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -9155,7 +9174,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -9163,17 +9182,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -9182,12 +9201,12 @@ msgstr ""
 "máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -9196,7 +9215,7 @@ msgstr ""
 "totalmente cualificados que sería usada para filtrar las reglas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -9205,8 +9224,8 @@ msgstr ""
 "nombre de dominio totalmente cualificado automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -9215,17 +9234,17 @@ msgstr ""
 "emphasis> esta opción no tiene efecto."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr "Por defecto: no especificado"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -9234,7 +9253,7 @@ msgstr ""
 "usada para filtrar las reglas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -9243,12 +9262,12 @@ msgstr ""
 "automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "sudo_include_netgroups (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -9257,12 +9276,12 @@ msgstr ""
 "atributo sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -9271,7 +9290,7 @@ msgstr ""
 "atributo sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
@@ -9280,7 +9299,7 @@ msgstr ""
 "del servidor LDAP!"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -9293,12 +9312,12 @@ msgstr ""
 "manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr "OPCIONES AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
@@ -9307,47 +9326,47 @@ msgstr ""
 "esquema LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr "El nombre del mapa maestro de montaje automático en LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr "Pfredeterminado: auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "OPCIONES AVANZADAS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -9360,22 +9379,22 @@ msgstr ""
 "función, si los nombres de grupo no están siendo visualizados correctamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr "</note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -9388,14 +9407,14 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "EJEMPLO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -9406,7 +9425,7 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -9426,7 +9445,7 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -9434,12 +9453,12 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr "EJEMPLO DE FILTRO DE ACCESO LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
@@ -9448,7 +9467,7 @@ msgstr ""
 "ldap_access_order=lockout."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -9474,13 +9493,13 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTAS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -9554,7 +9573,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "OPCIONES"
 
@@ -15374,7 +15393,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -15532,7 +15551,7 @@ msgstr "La contraseña a oscurecer será leída desde la entrada estándar."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -17446,8 +17465,13 @@ msgstr ""
 "refentrytitle> <manvolnum>1</manvolnum></citerefentry> configuration: "
 "<placeholder type=\"programlisting\" id=\"0\"/> "
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -17455,14 +17479,14 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-R</option>,<option>--no-remove</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-R</option>,<option>--no-remove</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -17470,12 +17494,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -17489,7 +17513,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -17497,7 +17521,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -17506,10 +17530,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/eu.po b/src/man/po/eu.po
index a50b655e28..cd4231e472 100644
--- a/src/man/po/eu.po
+++ b/src/man/po/eu.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-14 11:55-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
@@ -210,10 +210,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -232,10 +232,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -269,8 +269,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -300,8 +300,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr ""
 
@@ -368,7 +368,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr ""
 
@@ -388,12 +388,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -401,39 +401,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -590,8 +590,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -862,7 +862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -893,25 +893,34 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -919,7 +928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -938,12 +947,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -952,22 +961,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -977,17 +986,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -997,17 +1006,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 msgid "Default: 60, KCM: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1018,14 +1027,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1033,44 +1042,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1079,58 +1088,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 msgid "Default: 3600"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 msgid "Default: 30"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1142,58 +1151,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1201,7 +1210,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1211,7 +1220,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1220,17 +1229,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1238,17 +1247,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1256,17 +1265,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1275,7 +1284,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1284,41 +1293,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1326,23 +1335,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1350,47 +1359,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1398,113 +1407,113 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1512,25 +1521,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1538,19 +1547,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1558,12 +1567,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 msgid "memcache_size_sid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1572,12 +1581,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1588,43 +1597,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 msgid "Default: <quote>*</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1633,60 +1642,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1694,59 +1703,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1755,51 +1764,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1810,23 +1819,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1834,7 +1843,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1843,17 +1852,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1861,32 +1870,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1896,75 +1905,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1972,19 +1981,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1992,46 +2001,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2039,34 +2048,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2076,7 +2085,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2084,59 +2093,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 msgid "passkey_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2144,7 +2153,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2156,63 +2165,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2220,12 +2229,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2236,7 +2245,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2244,7 +2253,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2252,7 +2261,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2261,47 +2270,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2310,30 +2319,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2341,7 +2350,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2349,22 +2358,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2372,19 +2381,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2392,7 +2401,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2407,7 +2416,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2415,45 +2424,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2461,7 +2470,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2469,17 +2478,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2490,24 +2499,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2517,22 +2526,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2540,51 +2549,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2593,12 +2602,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2608,7 +2617,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2616,7 +2625,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2625,38 +2634,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2667,7 +2676,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2678,24 +2687,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2703,19 +2712,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2724,7 +2733,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2733,24 +2742,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2761,24 +2770,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2786,24 +2795,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2815,7 +2824,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2826,60 +2835,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2889,66 +2898,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2956,17 +2965,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2974,7 +2983,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -2983,57 +2992,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3043,12 +3052,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3057,14 +3066,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3073,38 +3082,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3113,24 +3122,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3139,36 +3148,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3182,14 +3191,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3198,14 +3207,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3213,32 +3222,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3247,19 +3256,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3270,139 +3279,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3411,17 +3420,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3433,18 +3442,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3455,7 +3464,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3464,12 +3473,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3477,19 +3486,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3498,17 +3507,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3517,28 +3526,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3546,7 +3555,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3554,8 +3563,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3563,8 +3572,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3572,19 +3581,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3593,7 +3602,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3601,24 +3610,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3630,7 +3639,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3638,30 +3647,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3669,7 +3678,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3677,30 +3686,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3708,19 +3717,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3729,7 +3738,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3737,29 +3746,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3767,7 +3776,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3775,35 +3784,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3811,32 +3820,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3847,7 +3856,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3856,12 +3865,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3869,7 +3878,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3877,31 +3886,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3909,7 +3918,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3918,17 +3927,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3936,36 +3945,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3973,7 +3982,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3981,7 +3990,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3989,24 +3998,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4014,31 +4023,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4046,7 +4055,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4055,12 +4064,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4070,24 +4079,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4096,19 +4105,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4118,89 +4127,89 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4208,17 +4217,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4227,12 +4236,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 msgid "dns_resolver_use_search_list (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4240,7 +4249,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4248,34 +4257,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 msgid "failover_primary_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4283,57 +4292,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 msgid "Default: 31"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4341,31 +4350,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4373,104 +4382,104 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 msgid "ldap_offline_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 msgid "ldap_enumeration_refresh_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 msgid "ldap_enumeration_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 msgid "ldap_connection_expire_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 msgid "ldap_connection_expire_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4478,27 +4487,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4508,34 +4517,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4544,19 +4553,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4564,12 +4573,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 msgid "local_auth_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4581,7 +4590,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4593,7 +4602,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4601,42 +4610,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 msgid "local_auth_policy = match (default)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4645,7 +4654,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4656,7 +4665,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4664,36 +4673,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 msgid "Default: match"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4702,24 +4711,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4729,14 +4738,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4744,21 +4753,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4766,7 +4775,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4775,7 +4784,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4784,7 +4793,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4792,17 +4801,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4810,12 +4819,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4823,12 +4832,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4836,12 +4845,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4850,12 +4859,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4863,19 +4872,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4892,7 +4901,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4900,17 +4909,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4919,7 +4928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4929,7 +4938,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4949,12 +4958,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4965,69 +4974,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5040,7 +5049,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5048,7 +5057,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5057,43 +5066,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5101,12 +5110,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5115,17 +5124,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5133,26 +5142,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5161,17 +5170,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5181,7 +5190,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5190,59 +5199,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5251,7 +5260,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5260,7 +5269,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5271,17 +5280,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5289,46 +5298,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5337,7 +5346,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5345,12 +5354,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5379,7 +5388,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5388,7 +5397,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5396,7 +5405,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5407,7 +5416,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5418,7 +5427,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6001,7 +6010,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6088,20 +6097,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6109,17 +6121,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6127,12 +6139,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6140,7 +6152,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6151,7 +6163,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6160,7 +6172,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6168,12 +6180,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6181,7 +6193,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6189,26 +6201,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6216,7 +6228,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6224,7 +6236,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6232,41 +6244,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6276,32 +6288,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6309,12 +6321,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6322,12 +6334,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6335,17 +6347,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6356,24 +6368,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6384,12 +6396,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6402,7 +6414,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6414,17 +6426,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6432,49 +6444,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6482,28 +6494,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6515,7 +6527,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6523,7 +6535,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6531,39 +6543,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6573,7 +6585,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6581,26 +6593,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6609,7 +6621,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6617,31 +6629,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6654,51 +6666,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6707,12 +6719,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6728,12 +6740,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6742,14 +6754,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6758,24 +6770,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6783,19 +6795,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6804,7 +6816,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6812,7 +6824,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6821,7 +6833,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6829,22 +6841,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6854,14 +6866,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6874,12 +6886,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6889,31 +6901,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -6921,50 +6933,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -6973,74 +6985,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7051,7 +7063,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7059,58 +7071,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7118,12 +7130,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7146,12 +7158,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7159,43 +7171,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7203,14 +7215,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7220,19 +7232,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7240,7 +7252,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7248,106 +7260,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7356,59 +7368,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7417,22 +7429,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7441,14 +7453,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7456,7 +7468,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7469,7 +7481,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7477,19 +7489,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7505,13 +7517,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7566,7 +7578,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr ""
 
@@ -12425,7 +12437,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12557,7 +12569,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14301,19 +14313,24 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14321,12 +14338,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14340,7 +14357,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14348,7 +14365,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14357,10 +14374,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/fi.po b/src/man/po/fi.po
index d4d5694bea..3ad899d89c 100644
--- a/src/man/po/fi.po
+++ b/src/man/po/fi.po
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2022-03-20 19:16+0000\n"
 "Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n"
 "Language-Team: Finnish <https://translate.fedoraproject.org/projects/sssd/"
@@ -206,10 +206,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -228,10 +228,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -265,8 +265,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -296,8 +296,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr ""
 
@@ -364,7 +364,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr ""
 
@@ -384,12 +384,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -397,39 +397,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "käyttäjänimi"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -590,8 +590,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -862,7 +862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr "Oletus: ei asetettu"
@@ -893,25 +893,34 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -919,7 +928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -938,12 +947,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -952,22 +961,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -977,17 +986,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -997,17 +1006,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 msgid "Default: 60, KCM: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1018,14 +1027,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1033,44 +1042,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr "offline_timeout_max (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1079,58 +1088,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 msgid "Default: 3600"
 msgstr "Oletus: 3600"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr "offline_timeout_random_offset (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 msgid "Default: 30"
 msgstr "Oletus: 30"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1142,58 +1151,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1201,7 +1210,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1211,7 +1220,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1220,17 +1229,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1238,17 +1247,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1256,17 +1265,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1275,7 +1284,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1284,41 +1293,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1326,23 +1335,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1350,47 +1359,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1398,113 +1407,113 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr "Oletuskomentorivitulkki"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr "memcache_timeout (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr "memcache_size_passwd (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1512,25 +1521,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr "memcache_size_group (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1538,19 +1547,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr "memcache_size_initgroups (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1558,14 +1567,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "memcache_size_passwd (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "memcache_size_passwd (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1574,12 +1583,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1590,43 +1599,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 msgid "Default: <quote>*</quote>"
 msgstr "Oletus: <quote>*</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1635,60 +1644,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1696,59 +1705,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1757,51 +1766,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1812,23 +1821,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1836,7 +1845,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1845,17 +1854,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1863,32 +1872,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1898,75 +1907,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "Oletus: ei mitään"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1974,19 +1983,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1994,46 +2003,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "Oletus:tosi"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "Oletus:epätosi"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2041,34 +2050,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr "Oletus:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2078,7 +2087,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2088,61 +2097,61 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "entry_cache_timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "entry_cache_timeout (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2150,7 +2159,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2162,63 +2171,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr "kirjautuminen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2226,12 +2235,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2242,7 +2251,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2250,7 +2259,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2258,7 +2267,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2267,47 +2276,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr "aina"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr "Ei koskaan"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2316,30 +2325,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2347,7 +2356,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2357,22 +2366,22 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2380,19 +2389,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2400,7 +2409,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2415,7 +2424,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2423,45 +2432,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2469,7 +2478,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2477,17 +2486,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr "Oletus: ei asetettu(todennusindikaattoreiden käyttöä ei vaadita)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2498,24 +2507,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2525,22 +2534,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2548,51 +2557,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2601,12 +2610,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2616,7 +2625,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2624,7 +2633,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2633,38 +2642,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2675,7 +2684,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2686,24 +2695,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2711,19 +2720,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2732,7 +2741,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2741,24 +2750,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2769,26 +2778,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 #, fuzzy
 #| msgid "present"
 msgid "pac_present"
 msgstr "nykyinen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2796,24 +2805,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2825,7 +2834,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2836,60 +2845,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2899,66 +2908,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2966,17 +2975,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2984,7 +2993,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -2993,57 +3002,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr "käytössä"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3053,12 +3062,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3067,14 +3076,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3083,38 +3092,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3123,24 +3132,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3149,36 +3158,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3192,14 +3201,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3208,14 +3217,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3223,32 +3232,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr "kaikki"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr "Ei mitään"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3257,19 +3266,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3280,139 +3289,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3421,17 +3430,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3443,18 +3452,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3465,7 +3474,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3474,12 +3483,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3487,19 +3496,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3508,17 +3517,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3527,28 +3536,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3556,7 +3565,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3564,8 +3573,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3573,8 +3582,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3582,19 +3591,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3603,7 +3612,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3611,24 +3620,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3640,7 +3649,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3648,30 +3657,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3679,7 +3688,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3687,30 +3696,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3718,19 +3727,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3739,7 +3748,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3747,29 +3756,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3777,7 +3786,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3785,35 +3794,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3821,32 +3830,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3857,7 +3866,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3866,12 +3875,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3879,7 +3888,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3887,31 +3896,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3919,7 +3928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3928,17 +3937,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3946,36 +3955,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3983,7 +3992,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3991,7 +4000,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3999,24 +4008,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4024,31 +4033,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4056,7 +4065,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4065,12 +4074,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4080,24 +4089,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr "käyttäjänimi"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4106,19 +4115,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4128,89 +4137,89 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_server_timeout (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_op_timeout (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4218,17 +4227,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4237,14 +4246,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "dns_resolver_server_timeout (integer)"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_server_timeout (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4252,7 +4261,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4260,38 +4269,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 #, fuzzy
 #| msgid "Default: True"
 msgid "Default: TRUE"
 msgstr "Oletus:tosi"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "dns_resolver_op_timeout (integer)"
 msgid "failover_primary_timeout (integer)"
 msgstr "dns_resolver_op_timeout (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4299,59 +4308,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 30"
 msgid "Default: 31"
 msgstr "Oletus: 30"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr "epätosi"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4359,31 +4368,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4391,124 +4400,124 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 #, fuzzy
 #| msgid "ldap_purge_cache_timeout"
 msgid "ldap_search_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 #, fuzzy
 #| msgid "client_idle_timeout"
 msgid "ldap_network_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 #, fuzzy
 #| msgid "ldap_purge_cache_timeout"
 msgid "ldap_opt_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "client_idle_timeout"
 msgid "ldap_offline_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "client_idle_timeout"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 #, fuzzy
 #| msgid "ldap_purge_cache_timeout"
 msgid "ldap_purge_cache_offset"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "client_idle_timeout"
 msgid "ldap_enumeration_search_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "client_idle_timeout"
 msgid "ldap_connection_expire_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "client_idle_timeout"
 msgid "ldap_connection_expire_offset"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 #, fuzzy
 #| msgid "client_idle_timeout"
 msgid "ldap_connection_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4518,27 +4527,27 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4548,34 +4557,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4584,19 +4593,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4604,14 +4613,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "ldap_user_principal"
 msgid "local_auth_policy (string)"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4623,7 +4632,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4635,7 +4644,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4643,46 +4652,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "ldap_user_principal"
 msgid "local_auth_policy = match (default)"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 #, fuzzy
 #| msgid "enabled"
 msgid "disabled"
 msgstr "käytössä"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4691,7 +4700,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4702,7 +4711,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4710,38 +4719,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: true"
 msgid "Default: match"
 msgstr "Oletus:tosi"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr "tosi"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4750,24 +4759,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr "epätosi"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4777,14 +4786,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4792,21 +4801,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4814,7 +4823,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4823,7 +4832,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4832,7 +4841,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4840,17 +4849,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4858,12 +4867,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4871,12 +4880,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4884,12 +4893,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4898,12 +4907,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4911,19 +4920,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4940,7 +4949,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4948,17 +4957,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4967,7 +4976,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4977,7 +4986,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4997,12 +5006,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5013,69 +5022,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5088,7 +5097,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5096,7 +5105,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5105,43 +5114,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5149,12 +5158,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5163,17 +5172,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5181,26 +5190,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5209,17 +5218,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5229,7 +5238,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5238,59 +5247,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5299,7 +5308,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5308,7 +5317,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5319,17 +5328,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5337,46 +5346,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5385,7 +5394,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5393,12 +5402,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5427,7 +5436,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5436,7 +5445,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5444,7 +5453,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5455,7 +5464,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5466,7 +5475,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6049,7 +6058,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6138,20 +6147,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6159,17 +6171,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6177,12 +6189,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6190,7 +6202,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6201,7 +6213,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6210,7 +6222,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6218,12 +6230,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6231,7 +6243,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6239,26 +6251,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6266,7 +6278,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6274,7 +6286,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6282,41 +6294,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6326,32 +6338,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6359,12 +6371,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6372,12 +6384,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6385,17 +6397,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6406,24 +6418,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6434,12 +6446,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6452,7 +6464,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6464,17 +6476,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6482,49 +6494,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "Oletus: epätosi;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6532,28 +6544,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6565,7 +6577,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6573,7 +6585,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6581,39 +6593,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6623,7 +6635,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6631,26 +6643,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6659,7 +6671,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6667,31 +6679,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6704,51 +6716,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6757,12 +6769,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6778,12 +6790,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Esimerkki:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6792,14 +6804,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6808,24 +6820,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6833,19 +6845,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6854,7 +6866,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6862,7 +6874,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6871,7 +6883,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6879,22 +6891,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6904,14 +6916,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6924,12 +6936,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6939,31 +6951,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -6971,50 +6983,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7023,74 +7035,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7101,7 +7113,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7109,58 +7121,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr "ldap_library_debug_level (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7168,14 +7180,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_library_debug_level (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_library_debug_level (integeri)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7198,12 +7210,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7211,43 +7223,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7255,14 +7267,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7272,19 +7284,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7292,7 +7304,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7300,106 +7312,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7408,59 +7420,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7469,22 +7481,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7493,14 +7505,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7508,7 +7520,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7521,7 +7533,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7529,19 +7541,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7557,13 +7569,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7618,7 +7630,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "VALINNAT"
 
@@ -12481,7 +12493,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12613,7 +12625,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14357,19 +14369,24 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14377,12 +14394,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14396,7 +14413,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14404,7 +14421,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14413,10 +14430,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index 28f97ebadf..6ac9701350 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -17,7 +17,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2020-07-22 07:49-0400\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
@@ -251,10 +251,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -276,10 +276,10 @@ msgstr ""
 "sera ignorée."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -315,8 +315,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -346,8 +346,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Par défaut : 10"
 
@@ -426,7 +426,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (chaîne)"
 
@@ -448,12 +448,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -465,33 +465,33 @@ msgstr ""
 "domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "nom d'utilisateur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 "nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -501,7 +501,7 @@ msgstr ""
 "d'approbation IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -680,8 +680,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -966,7 +966,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr "Par défaut : non défini"
@@ -1001,29 +1001,38 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 #, fuzzy
 #| msgid "ldap_user_certificate (string)"
 msgid "passkey_verification (string)"
 msgstr "ldap_user_certificate (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 #, fuzzy
 #| msgid "ldap_user_certificate (string)"
 msgid "user_verification (boolean)"
 msgstr "ldap_user_certificate (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -1031,7 +1040,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -1062,12 +1071,12 @@ msgstr ""
 "l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "SECTIONS DE SERVICES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -1080,22 +1089,22 @@ msgstr ""
 "section doit être <quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "Options générales de configuration de service"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "Ces options peuvent être utilisées pour configurer les services."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1110,17 +1119,17 @@ msgstr ""
 "valeur inférieure  ou la limite « hard » de limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1130,19 +1139,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 60, KCM: 300"
 msgstr "Par défaut : 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1153,14 +1162,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1168,46 +1177,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "Par défaut : 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 #, fuzzy
 #| msgid "offline_timeout (integer)"
 msgid "offline_timeout_max (integer)"
 msgstr "offline_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1216,66 +1225,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 3600"
 msgstr "Par défaut : 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 #, fuzzy
 #| msgid "offline_timeout + random_offset"
 msgid "offline_timeout_random_offset (integer)"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 #, fuzzy
 #| msgid "offline_timeout + random_offset"
 msgid "[0 - offline_timeout_random_offset]"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 30"
 msgstr "Par défaut : 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1287,30 +1296,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "Par défaut : 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr "Options de configuration NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1318,12 +1327,12 @@ msgstr ""
 "Switch (NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1332,17 +1341,17 @@ msgstr ""
 "énumérations (requêtes sur les informations de tous les utilisateurs)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "Par défaut : 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1353,7 +1362,7 @@ msgstr ""
 "valeur de entry_cache_timeout pour le domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1369,7 +1378,7 @@ msgstr ""
 "cache."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1382,17 +1391,17 @@ msgstr ""
 "de non réponse à moins de 10 secondes (0 pour désactiver l'option)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "Par défaut : 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1404,17 +1413,17 @@ msgstr ""
 "appel au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Par défaut : 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1422,17 +1431,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1441,7 +1450,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1450,17 +1459,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "Par défaut : root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1468,12 +1477,12 @@ msgstr ""
 "membres de groupes."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1482,7 +1491,7 @@ msgstr ""
 "explicitement spécifié par le fournisseur de données du domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1490,7 +1499,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1500,25 +1509,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Par défaut : non défini (aucune substitution pour les répertoires d'accueil "
 "non définis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr "override_shell (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1530,17 +1539,17 @@ msgstr ""
 "section [nss], soit par domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1548,14 +1557,14 @@ msgstr ""
 "indiquées. L'ordre d'évaluation est :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</"
 "quote>, il est utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1565,7 +1574,7 @@ msgstr ""
 "« shell_fallback » sera utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1574,12 +1583,12 @@ msgstr ""
 "ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1587,14 +1596,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 "Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est "
 "à la libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1604,31 +1613,31 @@ msgstr ""
 "est installé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est "
 "utilisé automatiquement."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 "Remplace toutes les occurences de ces interpréteurs de commandes par "
 "l'interpréteur de commandes par défaut"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1636,17 +1645,17 @@ msgstr ""
 "commandes autorisé n'est pas installé sur la machine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "Par défaut : /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1656,7 +1665,7 @@ msgstr ""
 "choix soit dans la section [nss], soit par domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1666,12 +1675,12 @@ msgstr ""
 "nécessaire, habituellement /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (int)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1680,43 +1689,43 @@ msgstr ""
 "jugée valide."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_timeout (integer)"
 msgstr "enum_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_passwd (integer)"
 msgstr "enum_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1724,27 +1733,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr "Par défaut : 8"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_group (integer)"
 msgstr "enum_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1752,21 +1761,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "Par défaut : 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_initgroups (integer)"
 msgstr "enum_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1774,14 +1783,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "enum_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1790,12 +1799,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr "user_attributes (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1806,38 +1815,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr "Par défaut : non défini, repli sur l'option InfoPipe"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: <quote>permit</quote>"
 msgid "Default: <quote>*</quote>"
 msgstr "Par défaut : <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 #, fuzzy
 #| msgid "This option can also be set per-domain."
 msgid ""
@@ -1846,7 +1855,7 @@ msgid ""
 msgstr "Cette option peut aussi être définie pour chaque domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1855,12 +1864,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr "Options de configuration de PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1869,12 +1878,12 @@ msgstr ""
 "Module (PAM)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1884,17 +1893,17 @@ msgstr ""
 "connexion réussie)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "Par défaut : 0 (pas de limite)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1903,12 +1912,12 @@ msgstr ""
 "échouées sont autorisées."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1918,7 +1927,7 @@ msgstr ""
 "soit possible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1929,17 +1938,17 @@ msgstr ""
 "connexion réussie en ligne peut réactiver l'authentification."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "Par défaut : 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1949,46 +1958,46 @@ msgstr ""
 "affichés sera important."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr "Actuellement sssd supporte les valeurs suivantes :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis> : ne pas afficher de message"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis> : afficher les messages d'information"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis> : afficher tous les messages et informations de "
 "débogage"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Par défaut : 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 #, fuzzy
 #| msgid "ad_access_filter (string)"
 msgid "pam_response_filter (string)"
 msgstr "ad_access_filter (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1997,51 +2006,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -2052,23 +2061,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -2080,7 +2089,7 @@ msgstr ""
 "les dernières informations."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -2094,17 +2103,17 @@ msgstr ""
 "fournisseur d'identité."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr "Afficher une alerte N jours avant l'expiration du mot de passe."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2115,7 +2124,7 @@ msgstr ""
 "ne peut afficher de message d'alerte."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -2125,7 +2134,7 @@ msgstr ""
 "sera automatiquement affiché."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -2134,18 +2143,18 @@ msgstr ""
 "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Par défaut : 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -2155,37 +2164,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 "Deux valeurs spéciales pour l'option pam_public_domains sont définies :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
@@ -2193,7 +2202,7 @@ msgstr ""
 "à tous les domaines PAM dans le répondeur.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
@@ -2202,33 +2211,33 @@ msgstr ""
 "autorisés à accéder à un des domaines PAM dans le répondeur.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "Par défaut : aucun"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2236,19 +2245,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2256,48 +2265,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 #, fuzzy
 #| msgid "ldap_chpass_update_last_change (bool)"
 msgid "pam_passkey_auth (bool)"
 msgstr "ldap_chpass_update_last_change (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "Par défaut : True"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "Par défaut : False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2305,36 +2314,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 #, fuzzy
 #| msgid "ldap_user_certificate (string)"
 msgid "pam_cert_verification (string)"
 msgstr "ldap_user_certificate (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2344,7 +2353,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, fuzzy, no-wrap
 #| msgid ""
 #| "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -2357,63 +2366,63 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "pam_id_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 #, fuzzy
 #| msgid "ad_gpo_map_service (string)"
 msgid "pam_p11_allowed_services (string)"
 msgstr "ad_gpo_map_service (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2421,7 +2430,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2433,63 +2442,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2497,12 +2506,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2513,7 +2522,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2521,7 +2530,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2529,7 +2538,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2538,47 +2547,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2587,19 +2596,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 #, fuzzy
 #| msgid "ad_gpo_map_service (string)"
 msgid "pam_gssapi_services"
 msgstr "ad_gpo_map_service (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 #, fuzzy
 #| msgid "Comma separated list of users who are allowed to log in."
 msgid ""
@@ -2609,13 +2618,13 @@ msgstr ""
 "Liste séparée par des virgules d'utilisateurs autorisés à se connecter."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2623,7 +2632,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, fuzzy, no-wrap
 #| msgid ""
 #| "fallback_homedir = /home/%u\n"
@@ -2636,22 +2645,22 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2659,19 +2668,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2679,7 +2688,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2694,7 +2703,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2702,45 +2711,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2748,7 +2757,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2756,7 +2765,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 #, fuzzy
 #| msgid "Default: not set (no substitution for unset home directories)"
 msgid "Default: not set (use of authentication indicators is not required)"
@@ -2765,12 +2774,12 @@ msgstr ""
 "non définis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr "Options de configuration de SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2787,12 +2796,12 @@ msgstr ""
 "sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -2801,12 +2810,12 @@ msgstr ""
 "les entrées sudoers sensibles au temps."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2816,22 +2825,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr "Options de configuration AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr "Ces options peuvent être utilisées pour configurer le service autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2843,23 +2852,23 @@ msgstr ""
 "moteur."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr "Options de configuration SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 "Les options suivantes peuvent être utilisées pour configurer le service SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2867,12 +2876,12 @@ msgstr ""
 "Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2881,17 +2890,17 @@ msgstr ""
 "known_hosts géré après que ses clés de système ont été demandés."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr "Par défaut : 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2900,12 +2909,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2915,7 +2924,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2923,7 +2932,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2932,38 +2941,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr "Options de configuration du répondeur PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2974,7 +2983,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2985,7 +2994,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -2994,19 +3003,19 @@ msgstr ""
 "ajouté à ces groupes."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Les options suivantes peuvent être utilisées pour configurer le répondeur "
 "PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -3017,7 +3026,7 @@ msgstr ""
 "seront résolus en UID au démarrage."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 #, fuzzy
 #| msgid ""
 #| "Default: 0 (only the root user is allowed to access the PAC responder)"
@@ -3029,14 +3038,14 @@ msgstr ""
 "PAC)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur "
 "PAC)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 #, fuzzy
 #| msgid ""
 #| "Please note that although the UID 0 is used as the default it will be "
@@ -3055,7 +3064,7 @@ msgstr ""
 "0 à la liste des UID d'utilisateurs autorisés."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -3068,26 +3077,26 @@ msgstr ""
 "0 à la liste des UID d'utilisateurs autorisés."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 #, fuzzy
 #| msgid "ldap_schema (string)"
 msgid "pac_check (string)"
 msgstr "ldap_schema (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -3098,24 +3107,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -3123,24 +3132,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -3152,7 +3161,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -3163,41 +3172,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -3210,19 +3219,19 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -3232,66 +3241,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3299,17 +3308,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3317,7 +3326,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3326,65 +3335,65 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 #, fuzzy
 #| msgid "simple_deny_users (string)"
 msgid "exclude_users (string)"
 msgstr "simple_deny_users (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No users excluded."
 msgstr "Par défaut : vide, ldap_uri est donc utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 #, fuzzy
 #| msgid "simple_deny_groups (string)"
 msgid "exclude_groups (string)"
 msgstr "simple_deny_groups (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No groups excluded."
 msgstr "Par défaut : vide, ldap_uri est donc utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "SECTIONS DOMAINES"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3394,12 +3403,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3408,14 +3417,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3424,31 +3433,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -3457,7 +3466,7 @@ msgstr ""
 "dehors de ces limites, elle est ignorée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3470,7 +3479,7 @@ msgstr ""
 "qui sont dans la plage seront rapportés comme prévu."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -3479,17 +3488,17 @@ msgstr ""
 "pas seulement leur recherche par nom ou identifiant."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Default: 1 for min_id, 0 (no limit) for max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr "enumerate (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3498,36 +3507,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = utilisateurs et groupes sont énumérés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = aucune énumération pour ce domaine"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "Par défaut : FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3541,7 +3550,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -3551,7 +3560,7 @@ msgstr ""
 "l'énumération ne se termine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3565,7 +3574,7 @@ msgstr ""
 "fournisseur d'identité spécifique utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -3574,7 +3583,7 @@ msgstr ""
 "déconseillée, surtout dans les environnements de grande taille."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3582,32 +3591,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Tous les domaines approuvés découverts seront énumérés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Aucun domaine approuvé découvert ne sera énuméré"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3621,12 +3630,12 @@ msgstr ""
 "activer l'énumération pour ces seuls domaines."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -3635,7 +3644,7 @@ msgstr ""
 "comme valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3653,17 +3662,17 @@ msgstr ""
 "rafraîchissement des entrées qui sont déjà en cache."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "Par défaut : 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -3672,19 +3681,19 @@ msgstr ""
 "d'utilisateurs comme valides avant de les redemander au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr "Par défaut : entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -3693,12 +3702,12 @@ msgstr ""
 "groupes comme valides avant de les redemander au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -3707,12 +3716,12 @@ msgstr ""
 "netgroup comme valides avant de les redemander au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -3721,24 +3730,24 @@ msgstr ""
 "service valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -3747,12 +3756,12 @@ msgstr ""
 "valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -3761,12 +3770,12 @@ msgstr ""
 "cartes d'automontage comme valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -3775,24 +3784,24 @@ msgstr ""
 "rafraichissement. I.e. combien de temps mettre la clé en cache."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -3802,7 +3811,7 @@ msgstr ""
 "enregistrements expirés ou sur le point de l'être."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3811,18 +3820,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3834,18 +3843,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr "Par défaut : 0 (désactivé)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3856,7 +3865,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3865,12 +3874,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3878,19 +3887,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3903,17 +3912,17 @@ msgstr ""
 "paramètre doit être supérieur ou égal à offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "Par défaut : 0 (illimité)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3926,17 +3935,17 @@ msgstr ""
 "fournisseur oauth doit être configuré pour le moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr "id_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -3944,12 +3953,12 @@ msgstr ""
 "d'identification pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3957,7 +3966,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3969,8 +3978,8 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 #, fuzzy
 #| msgid ""
 #| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
@@ -3988,8 +3997,8 @@ msgstr ""
 "configuration de FreeIPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4001,12 +4010,12 @@ msgstr ""
 "d'Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -4016,7 +4025,7 @@ msgstr ""
 "communiqué à NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -4030,7 +4039,7 @@ msgstr ""
 "trouve."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -4042,24 +4051,24 @@ msgstr ""
 "qualifié sera demandé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -4071,7 +4080,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -4079,23 +4088,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr "auth_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -4104,7 +4113,7 @@ msgstr ""
 "pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4116,7 +4125,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4127,7 +4136,7 @@ msgstr ""
 "citerefentry> pour plus d'informations sur la configuration de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -4135,12 +4144,12 @@ msgstr ""
 "PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> désactive l'authentification explicitement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -4149,12 +4158,12 @@ msgstr ""
 "gérer les requêtes d'authentification."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr "access_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -4165,7 +4174,7 @@ msgstr ""
 "installés). Les fournisseurs internes spécifiques sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -4174,12 +4183,12 @@ msgstr ""
 "d'accès autorisé pour un domaine local."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> toujours refuser les accès."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -4192,7 +4201,7 @@ msgstr ""
 "d'informations sur la configuration du module d'accès simple."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -4200,22 +4209,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr "Par défaut : <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -4224,7 +4233,7 @@ msgstr ""
 "domaine. Les fournisseurs pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4232,7 +4241,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4244,7 +4253,7 @@ msgstr ""
 "Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -4252,14 +4261,14 @@ msgstr ""
 "autre cible PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 "<quote>none</quote> pour désactiver explicitement le changement de mot de "
 "passe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -4268,19 +4277,19 @@ msgstr ""
 "peut gérer les changements de mot de passe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "Le fournisseur SUDO, utilisé pour le domaine.  Les fournisseurs SUDO pris en "
 "charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4292,7 +4301,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -4301,7 +4310,7 @@ msgstr ""
 "par défaut pour IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -4310,20 +4319,20 @@ msgstr ""
 "par défaut pour AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> désactive explicitement SUDO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle "
 "est définie."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -4334,7 +4343,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -4343,12 +4352,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -4359,7 +4368,7 @@ msgstr ""
 "fournisseur d'accès.  Les fournisseurs selinux pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4371,14 +4380,14 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> n'autorise pas la récupération explicite des paramètres "
 "selinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -4387,12 +4396,12 @@ msgstr ""
 "gérer le chargement selinux"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -4402,7 +4411,7 @@ msgstr ""
 "fournisseurs de sous-domaine pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4414,7 +4423,7 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -4423,18 +4432,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 "<quote>none</quote> désactive la récupération explicite des sous-domaines."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4442,30 +4451,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -4473,7 +4482,7 @@ msgstr ""
 "en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4485,7 +4494,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4497,7 +4506,7 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4505,17 +4514,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> désactive explicitement autofs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -4524,7 +4533,7 @@ msgstr ""
 "systèmes.  Les fournisseurs de hostid pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4536,31 +4545,31 @@ msgstr ""
 "configuration de IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> désactive explicitement hostid."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4568,7 +4577,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4577,12 +4586,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4598,7 +4607,7 @@ msgstr ""
 "domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 #, fuzzy
 #| msgid ""
 #| "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
@@ -4615,17 +4624,17 @@ msgstr ""
 "styles différents pour les noms d'utilisateurs :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 #, fuzzy
 #| msgid ""
 #| "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
@@ -4644,12 +4653,12 @@ msgstr ""
 "styles différents pour les noms d'utilisateurs :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr "domain\\username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -4659,7 +4668,7 @@ msgstr ""
 "utilisateurs de domaines Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4669,17 +4678,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Par défaut : <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -4688,82 +4697,82 @@ msgstr ""
 "utiliser pour effectuer les requêtes DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr "Valeurs prises en charge :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, "
 "essayer IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter "
 "IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr "Par défaut : ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr "Par défaut : 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4771,17 +4780,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Par défaut : 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4790,14 +4799,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4805,7 +4814,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4813,17 +4822,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "Par défaut : TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -4832,21 +4841,21 @@ msgstr ""
 "du domaine faisant partie de la requête DNS de découverte de services."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Par défaut : utiliser la partie du domaine qui est dans le nom de système de "
 "la machine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "failover_primary_timeout (integer)"
 msgstr "pam_id_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4854,59 +4863,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "Par défaut : 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr "override_gid (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr "Redéfinit le GID primaire avec la valeur spécifiée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr "Insensible à la casse."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr "Preserving"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4918,14 +4927,14 @@ msgstr ""
 "sortie."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -4938,17 +4947,17 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr "Par défaut : true (false pour le fournisseur AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4956,130 +4965,130 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 #, fuzzy
 #| msgid "ldap_search_timeout (integer)"
 msgid "ldap_search_timeout"
 msgstr "ldap_search_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 #, fuzzy
 #| msgid "ldap_network_timeout (integer)"
 msgid "ldap_network_timeout"
 msgstr "ldap_network_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
 msgid "ldap_opt_timeout"
 msgstr "ldap_opt_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_offline_timeout"
 msgstr "ldap_connection_expire_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "ldap_enumeration_refresh_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_offset"
 msgstr "ldap_enumeration_refresh_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 #, fuzzy
 #| msgid "ldap_purge_cache_timeout"
 msgid "ldap_purge_cache_offset"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 #, fuzzy
 #| msgid "ldap_krb5_ticket_lifetime (integer)"
 msgid "ldap_krb5_ticket_lifetime"
 msgstr "ldap_krb5_ticket_lifetime (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "ldap_enumeration_search_timeout (integer)"
 msgid "ldap_enumeration_search_timeout"
 msgstr "ldap_enumeration_search_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_timeout"
 msgstr "ldap_connection_expire_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_offset"
 msgstr "ldap_connection_expire_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_idle_timeout"
 msgstr "ldap_connection_expire_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 #, fuzzy
 #| msgid "Case insensitive."
 msgid "case_sensitive"
 msgstr "Insensible à la casse."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -5089,27 +5098,27 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "nom plat (NetBIOS) d'un sous-domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -5125,7 +5134,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -5133,17 +5142,17 @@ msgstr ""
 "emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Par défaut : <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -5151,12 +5160,12 @@ msgstr ""
 "ce domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -5165,19 +5174,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -5185,14 +5194,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy (string)"
 msgstr "ldap_pwd_policy (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -5204,7 +5213,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -5216,7 +5225,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -5224,44 +5233,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy = match (default)"
 msgstr "ldap_pwd_policy (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr "IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr "AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -5270,7 +5279,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -5281,7 +5290,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -5289,38 +5298,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: cn"
 msgid "Default: match"
 msgstr "Par défaut : cn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -5329,24 +5338,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -5356,14 +5365,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -5371,21 +5380,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -5393,7 +5402,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -5402,7 +5411,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -5411,7 +5420,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -5423,17 +5432,17 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr "Le proxy cible duquel PAM devient mandataire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 #, fuzzy
 #| msgid ""
 #| "Default: not set by default, you have to take an existing pam "
@@ -5447,12 +5456,12 @@ msgstr ""
 "ou en créer une nouvelle et ajouter le nom de service ici."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -5463,12 +5472,12 @@ msgstr ""
 "_nss_$(libName)_$(function), par exemple _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -5476,12 +5485,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -5495,12 +5504,12 @@ msgstr ""
 "afin d'améliorer les performances."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -5508,7 +5517,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -5517,12 +5526,12 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -5539,7 +5548,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -5547,17 +5556,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -5566,7 +5575,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -5576,7 +5585,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5596,12 +5605,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5612,69 +5621,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5687,7 +5696,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5695,7 +5704,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5704,43 +5713,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5748,12 +5757,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5762,17 +5771,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5780,26 +5789,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5808,17 +5817,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5828,7 +5837,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5837,59 +5846,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5898,7 +5907,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5907,7 +5916,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5918,17 +5927,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5936,39 +5945,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -5981,7 +5990,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5990,7 +5999,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5998,12 +6007,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, fuzzy, no-wrap
 #| msgid ""
 #| "[sssd]\n"
@@ -6081,7 +6090,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -6090,7 +6099,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -6098,7 +6107,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -6109,7 +6118,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -6120,7 +6129,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6813,7 +6822,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr "Par défaut : 900 (15 minutes)"
 
@@ -6923,12 +6932,22 @@ msgstr "Désactiver la récupération de plage Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
-msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+#, fuzzy
+#| msgid ""
+#| "Active Directory limits the number of members to be retrieved in a single "
+#| "lookup using the MaxValRange policy (which defaults to 1500 members). If "
+#| "a group contains more members, the reply would include an AD-specific "
+#| "range extension. This option disables parsing of the range extension, "
+#| "therefore large groups will appear as having no members."
+msgid ""
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 "Active Directory limite le nombre de membres à récupérer par recherche à "
 "l'aide de la stratégie MaxValRange (qui prend la valeur par défaut de 1500 "
@@ -6938,12 +6957,12 @@ msgstr ""
 "apparaissant ainsi sans aucun membre."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6954,19 +6973,19 @@ msgstr ""
 "de cette option sont définies par OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 "Par défaut : Utiliser la valeur par défaut du système (généralement spécifié "
 "par ldap.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6974,12 +6993,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6990,7 +7009,7 @@ msgstr ""
 "membres manquants est inférieur, ils sont recherchés individuellement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -7001,7 +7020,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -7014,7 +7033,7 @@ msgstr ""
 "acceptés sont 389/RHDS, OpenLDAP et Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -7025,12 +7044,12 @@ msgstr ""
 "déréférencement est désactivée indépendamment de ce paramètre."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -7038,7 +7057,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -7046,12 +7065,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -7060,7 +7079,7 @@ msgstr ""
 "session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -7069,7 +7088,7 @@ msgstr ""
 "quelconque certificat du serveur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7080,7 +7099,7 @@ msgstr ""
 "certificat est fourni, il est ignoré et la session continue normalement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7091,7 +7110,7 @@ msgstr ""
 "certificat est fourni, la session se termine immédiatement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -7102,22 +7121,22 @@ msgstr ""
 "immédiatement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr "Par défaut : hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -7126,7 +7145,7 @@ msgstr ""
 "certification que <command>sssd</command> reconnaîtra."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -7135,12 +7154,12 @@ msgstr ""
 "<filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 #, fuzzy
 #| msgid ""
 #| "Specifies the path of a directory that contains Certificate Authority "
@@ -7162,32 +7181,32 @@ msgstr ""
 "corrects."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr "Définit le fichier qui contient le certificat pour la clef du client."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr "Définit le fichier qui contient la clef du client."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -7195,12 +7214,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 #, fuzzy
 #| msgid ""
 #| "Specifies that the id_provider connection must also use <systemitem "
@@ -7215,12 +7234,12 @@ msgstr ""
 "canal."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -7232,19 +7251,19 @@ msgstr ""
 "ldap_group_gid_number."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "Cette fonctionnalité ne prend actuellement en charge que la correspondance "
 "par objectSID avec Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -7264,24 +7283,24 @@ msgstr ""
 "identifiants."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr "Par défaut : non indiqué (les deux options sont à 0)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -7292,12 +7311,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -7310,7 +7329,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -7322,17 +7341,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr "Par défaut : host/hostname@REALM"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -7343,17 +7362,17 @@ msgstr ""
 "domaine, cette option est ignorée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr "Par défaut : la valeur de krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -7362,34 +7381,34 @@ msgstr ""
 "le nom de l'hôte au cours d'une liaison SASL."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "Défaut : false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
 "keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -7397,28 +7416,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "Par défaut : 86400 (24 heures)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -7438,7 +7457,7 @@ msgstr ""
 "<quote>DÉCOUVERTE DE  SERVICES</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -7449,7 +7468,7 @@ msgstr ""
 "comme protocole, et passe sur _tcp si aucune entrée n'est trouvée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -7461,29 +7480,29 @@ msgstr ""
 "l'utilisation de <quote>krb5_server</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</"
 "filename>"
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -7493,12 +7512,12 @@ msgstr ""
 "Kerberos > = 1.7"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -7513,7 +7532,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -7525,12 +7544,12 @@ msgstr ""
 "localisation."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -7539,7 +7558,7 @@ msgstr ""
 "valeurs suivantes sont acceptées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -7548,7 +7567,7 @@ msgstr ""
 "peut pas désactiver la politique sur les mots de passe du côté serveur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 #, fuzzy
 #| msgid ""
 #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
@@ -7565,7 +7584,7 @@ msgstr ""
 "manvolnum></citerefentry> pour évaluer si le mot de passe a expiré."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -7577,7 +7596,7 @@ msgstr ""
 "est changé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
@@ -7586,17 +7605,17 @@ msgstr ""
 "côté serveur, elle prend le pas sur la politique indiquée avec cette option."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr "Définit si le déréférencement automatique doit être activé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -7605,7 +7624,7 @@ msgstr ""
 "compilé avec OpenLDAP version 2.4.13 ou supérieur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 #, fuzzy
 #| msgid ""
 #| "Chasing referrals may incur a performance penalty in environments that "
@@ -7629,29 +7648,29 @@ msgstr ""
 "permettre d'améliorer de façon notable les performances."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Définit le nom de service à utiliser quand la découverte de services est "
 "activée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr "Par défaut : ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -7660,19 +7679,19 @@ msgstr ""
 "un changement de mot de passe quand la découverte de services est activée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 "Par défaut : non défini, c'est-à-dire que le service de découverte est "
 "désactivé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -7682,7 +7701,7 @@ msgstr ""
 "de passe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -7691,12 +7710,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -7712,12 +7731,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Exemple :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -7729,7 +7748,7 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
@@ -7738,7 +7757,7 @@ msgstr ""
 "dont l'attribut employeeType est « admin »."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -7747,17 +7766,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr "Par défaut : vide"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -7766,7 +7785,7 @@ msgstr ""
 "être activée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -7778,12 +7797,12 @@ msgstr ""
 "correct."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr "Les valeurs suivantes sont autorisées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -7792,7 +7811,7 @@ msgstr ""
 "pour déterminer si le compte a expiré."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -7805,7 +7824,7 @@ msgstr ""
 "d'expiration du compte est aussi vérifiée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -7816,7 +7835,7 @@ msgstr ""
 "l'accès est autorisé ou non."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -7829,7 +7848,7 @@ msgstr ""
 "est autorisé. Si les deux attributs sont manquants, l'accès est autorisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -7840,24 +7859,24 @@ msgstr ""
 "ldap_account_expire_policy de fonctionner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Liste séparées par des virgules des options de contrôles d'accès. Les "
 "valeurs autorisées sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7867,14 +7886,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7887,12 +7906,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -7902,31 +7921,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -7934,7 +7953,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -7943,32 +7962,32 @@ msgstr ""
 "authorizedService pour déterminer l'accès"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "Par défaut : filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -7977,12 +7996,12 @@ msgstr ""
 "de configuration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr "ldap_pwdlockout_dn (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7991,22 +8010,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (chaînes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -8015,12 +8034,12 @@ msgstr ""
 "recherche. Les options suivantes sont autorisées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -8030,7 +8049,7 @@ msgstr ""
 "recherche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -8039,7 +8058,7 @@ msgstr ""
 "la localisation de l'objet de base de la recherche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -8048,7 +8067,7 @@ msgstr ""
 "recherche et et la localisation de l'objet de base de la recherche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -8057,12 +8076,12 @@ msgstr ""
 "bibliothèques clientes LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -8071,7 +8090,7 @@ msgstr ""
 "LDAP pour les serveurs qui utilisent le schéma RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -8089,7 +8108,7 @@ msgstr ""
 "initgoups()."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -8100,64 +8119,64 @@ msgstr ""
 "ajoutent les utilisateurs locaux aux groupes LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 #, fuzzy
 #| msgid "debug_level (integer)"
 msgid "ldap_library_debug_level (integer)"
 msgstr "debug_level (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 #, fuzzy
 #| msgid "Default: 0 (disabled)"
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr "Par défaut : 0 (désactivé)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 #, fuzzy
 #| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "ldap_id_mapping (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -8165,14 +8184,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_deref_threshold (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_deref_threshold (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -8195,12 +8214,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr "OPTIONS DE SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -8208,12 +8227,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -8223,7 +8242,7 @@ msgstr ""
 "règles qui sont stockées sur le serveur)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -8232,24 +8251,24 @@ msgstr ""
 "emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr "Par défaut : 21600 (6 heures)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -8257,7 +8276,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -8266,7 +8285,7 @@ msgstr ""
 "modifyTimestamp est utilisé à la place."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -8276,21 +8295,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_idmap_range_size (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -8298,7 +8317,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -8306,17 +8325,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -8326,12 +8345,12 @@ msgstr ""
 "noms de systèmes)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -8340,7 +8359,7 @@ msgstr ""
 "doivent être utilisés pour filtrer les règles."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -8349,8 +8368,8 @@ msgstr ""
 "nom de système et le nom de domaine pleinement qualifié."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -8359,17 +8378,17 @@ msgstr ""
 "emphasis>, alors cette option n'a aucun effet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr "Par défaut : non spécifié"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -8378,7 +8397,7 @@ msgstr ""
 "IPv6 qui doivent être utilisés pour filtrer les règles."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -8387,12 +8406,12 @@ msgstr ""
 "automatiquement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -8401,12 +8420,12 @@ msgstr ""
 "netgroup dans l'attribut sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -8415,14 +8434,14 @@ msgstr ""
 "un joker dans l'attribut sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -8435,59 +8454,59 @@ msgstr ""
 "manvolnum></citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr "OPTIONS AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr "Le nom de la table de montage automatique maîtresse dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr "Par défaut : auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "OPTIONS AVANCÉES"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (chaînes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (chaînes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (chaînes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -8496,22 +8515,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr "</note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -8520,14 +8539,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "EXEMPLE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -8538,7 +8557,7 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -8558,7 +8577,7 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -8566,19 +8585,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -8604,13 +8623,13 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -8672,7 +8691,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "OPTIONS"
 
@@ -13918,7 +13937,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr "CODE RETOUR"
@@ -14070,7 +14089,7 @@ msgstr "Le mot de passe chiffré sera lu sur l'entrée standard."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -16048,8 +16067,13 @@ msgstr ""
 "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
 "citerefentry> : <placeholder type=\"programlisting\" id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -16057,14 +16081,14 @@ msgstr ""
 "replaceable> hôte."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-R</option>,<option>--no-remove</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-R</option>,<option>--no-remove</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -16072,12 +16096,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -16091,7 +16115,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -16099,7 +16123,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -16108,14 +16132,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 #, fuzzy
 #| msgid ""
 #| "In case of success, an exit value of 0 is returned. Otherwise, 1 is "
 #| "returned."
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 "Dans le cas d'un opération achevée avec succès, une valeur de retour de 0 "
 "est renvoyée. Dans le cas contraire, 1 est renvoyé."
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index c8884a9460..44d14d3d16 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2021-07-20 07:04+0000\n"
 "Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
 "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/"
@@ -235,10 +235,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -257,10 +257,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -296,8 +296,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -327,8 +327,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "初期値: 10"
 
@@ -395,7 +395,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (文字列)"
 
@@ -415,12 +415,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -431,39 +431,39 @@ msgstr ""
 "manvolnum> </citerefentry> 互換形式。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "ユーザー名"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -637,8 +637,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -917,7 +917,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -952,29 +952,38 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 #, fuzzy
 #| msgid "ipa_automount_location (string)"
 msgid "passkey_verification (string)"
 msgstr "ipa_automount_location (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 #, fuzzy
 #| msgid "ipa_automount_location (string)"
 msgid "user_verification (boolean)"
 msgstr "ipa_automount_location (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -982,7 +991,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -1012,12 +1021,12 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "サービスセクション"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -1029,22 +1038,22 @@ msgstr ""
 "ば、NSS サービスは <quote>[nss]</quote> セクションです"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "サービス設定の全体オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1054,17 +1063,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1074,19 +1083,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 60, KCM: 300"
 msgstr "初期値: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1097,14 +1106,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1112,46 +1121,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "初期値: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "offline_timeout_max (integer)"
 msgstr "timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1160,64 +1169,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 3600"
 msgstr "初期値: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 #, fuzzy
 #| msgid "offline_failed_login_attempts (integer)"
 msgid "offline_timeout_random_offset (integer)"
 msgstr "offline_failed_login_attempts (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 30"
 msgstr "初期値: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1229,30 +1238,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "初期値: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr "NSS 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1260,12 +1269,12 @@ msgstr ""
 "きます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1274,17 +1283,17 @@ msgstr ""
 "要求）。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "初期値: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1295,7 +1304,7 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1310,7 +1319,7 @@ msgstr ""
 "とをブロックする必要がありません。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1323,17 +1332,17 @@ msgstr ""
 "（0 はこの機能を無効にします）"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "初期値: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1344,17 +1353,17 @@ msgstr ""
 "せ）をキャッシュする秒数を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "初期値: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1362,17 +1371,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1381,7 +1390,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1390,17 +1399,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "初期値: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1408,12 +1417,12 @@ msgstr ""
 "ションを偽に設定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1422,7 +1431,7 @@ msgstr ""
 "ホームディレクトリーの標準テンプレートを設定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1430,7 +1439,7 @@ msgstr ""
 "同じです。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1440,23 +1449,23 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr "override_shell (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1464,17 +1473,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1482,13 +1491,13 @@ msgstr ""
 "す:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1497,7 +1506,7 @@ msgstr ""
 "ば、shell_fallback パラメーターの値を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1506,12 +1515,12 @@ msgstr ""
 "ば、nologin シェルが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1519,12 +1528,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "シェルの空文字列は libc にそのまま渡されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1534,27 +1543,27 @@ msgstr ""
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1562,79 +1571,79 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "初期値: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr "サブドメインのリストが有効とみなされる時間を秒単位で指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_timeout (integer)"
 msgstr "enum_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_passwd (integer)"
 msgstr "enum_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1642,27 +1651,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_group (integer)"
 msgstr "enum_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1670,21 +1679,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "初期値: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_initgroups (integer)"
 msgstr "enum_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1692,14 +1701,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "enum_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1708,12 +1717,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1724,38 +1733,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: <quote>permit</quote>"
 msgid "Default: <quote>*</quote>"
 msgstr "初期値: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 #, fuzzy
 #| msgid "This option can also be set per-domain."
 msgid ""
@@ -1764,7 +1773,7 @@ msgid ""
 msgstr "このオプションはドメインごとに設定できます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1773,12 +1782,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr "PAM 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1787,12 +1796,12 @@ msgstr ""
 "ために使用できます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1801,17 +1810,17 @@ msgstr ""
 "ラインログインの最終成功からの日数）です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "初期値: 0 (無制限)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1819,12 +1828,12 @@ msgstr ""
 "認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1833,7 +1842,7 @@ msgstr ""
 "渡される分単位の時間です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1844,17 +1853,17 @@ msgstr ""
 "効にできます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "初期値: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1863,44 +1872,44 @@ msgstr ""
 "きいほどメッセージが表示されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr "現在 sssd は以下の値をサポートします:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "初期値: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 #, fuzzy
 #| msgid "ldap_access_filter (string)"
 msgid "pam_response_filter (string)"
 msgstr "ldap_access_filter (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1909,51 +1918,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1964,23 +1973,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1990,7 +1999,7 @@ msgstr ""
 "されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -2003,17 +2012,17 @@ msgstr ""
 "アプリケーションごとに）制御します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr "パスワードの期限が切れる前に N 日間警告を表示します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2023,32 +2032,32 @@ msgstr ""
 "ことに注意してください。この情報がなければ、sssd は警告を表示します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "初期値: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -2058,75 +2067,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "初期値: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2134,19 +2143,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2154,48 +2163,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 #, fuzzy
 #| msgid "ldap_chpass_update_last_change (bool)"
 msgid "pam_passkey_auth (bool)"
 msgstr "ldap_chpass_update_last_change (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "初期値: True"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "初期値: 偽"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2203,36 +2212,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 #, fuzzy
 #| msgid "ipa_automount_location (string)"
 msgid "pam_cert_verification (string)"
 msgstr "ipa_automount_location (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2242,7 +2251,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, fuzzy, no-wrap
 #| msgid ""
 #| "fallback_homedir = /home/%u\n"
@@ -2255,63 +2264,63 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "pam_id_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 #, fuzzy
 #| msgid "simple_allow_users (string)"
 msgid "pam_p11_allowed_services (string)"
 msgstr "simple_allow_users (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2319,7 +2328,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2331,63 +2340,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2395,12 +2404,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2411,7 +2420,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2419,7 +2428,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2427,7 +2436,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2436,47 +2445,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2485,17 +2494,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 #, fuzzy
 #| msgid "Comma separated list of users who are allowed to log in."
 msgid ""
@@ -2504,13 +2513,13 @@ msgid ""
 msgstr "ログインが許可されたユーザーのカンマ区切り一覧です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2518,7 +2527,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, fuzzy, no-wrap
 #| msgid ""
 #| "fallback_homedir = /home/%u\n"
@@ -2531,22 +2540,22 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2554,19 +2563,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2574,7 +2583,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2589,7 +2598,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2597,45 +2606,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2643,7 +2652,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2651,19 +2660,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 #, fuzzy
 #| msgid "Default: not set (no substitution for unset home directories)"
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr "SUDO 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2674,12 +2683,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -2688,12 +2697,12 @@ msgstr ""
 "を評価するかしないかです。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2703,22 +2712,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr "Autofs 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr "これらのオプションが autofs サービスを設定するために使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2729,51 +2738,51 @@ msgstr ""
 "ヒットする秒数を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr "SSH 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr "これらのオプションは SSH サービスを設定するために使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr "初期値: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2782,12 +2791,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2797,7 +2806,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2805,7 +2814,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2814,38 +2823,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2856,7 +2865,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2867,24 +2876,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2892,19 +2901,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2913,7 +2922,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2922,26 +2931,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 #, fuzzy
 #| msgid "ldap_schema (string)"
 msgid "pac_check (string)"
 msgstr "ldap_schema (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2952,24 +2961,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2977,24 +2986,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -3006,7 +3015,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -3017,41 +3026,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -3064,19 +3073,19 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -3086,66 +3095,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3156,17 +3165,17 @@ msgstr ""
 "の可能性がある場合には、その後になります。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3177,7 +3186,7 @@ msgstr ""
 "文字の変更などの可能性がある場合には、その後になります。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3186,65 +3195,65 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 #, fuzzy
 #| msgid "simple_deny_users (string)"
 msgid "exclude_users (string)"
 msgstr "simple_deny_users (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No users excluded."
 msgstr "初期値: 空、つまり ldap_uri が使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 #, fuzzy
 #| msgid "simple_deny_groups (string)"
 msgid "exclude_groups (string)"
 msgstr "simple_deny_groups (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No groups excluded."
 msgstr "初期値: 空、つまり ldap_uri が使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "ドメインセクション"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3254,12 +3263,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3268,14 +3277,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3284,31 +3293,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -3317,7 +3326,7 @@ msgstr ""
 "トリーを含む場合、それは無視されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3329,24 +3338,24 @@ msgstr ""
 "バーに対して、範囲内にあるものは予期されたものとして報告されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "初期値: min_id は 1, max_id は 0 (無制限)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr "enumerate (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3355,36 +3364,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = ユーザーとグループが列挙されます"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = このドメインに対して列挙しません"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "初期値: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3398,7 +3407,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -3407,7 +3416,7 @@ msgstr ""
 "れが完了するまで結果を返しません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3420,14 +3429,14 @@ msgstr ""
 "てください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3435,32 +3444,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3469,12 +3478,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -3483,7 +3492,7 @@ msgstr ""
 "数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3494,17 +3503,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "初期値: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -3513,19 +3522,19 @@ msgstr ""
 "考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr "初期値: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -3534,12 +3543,12 @@ msgstr ""
 "考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -3548,12 +3557,12 @@ msgstr ""
 "有効であると考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -3562,48 +3571,48 @@ msgstr ""
 "考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -3612,31 +3621,31 @@ msgstr ""
 "秒キャッシュするか。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3645,17 +3654,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3667,18 +3676,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr "初期値: 0 (無効)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3689,7 +3698,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3698,12 +3707,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3714,19 +3723,19 @@ msgstr ""
 "に保存する必要がある最小の長さを決定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3738,17 +3747,17 @@ msgstr ""
 "offline_credentials_expiration と同等以上でなければいけません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "初期値: 0 (無制限)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3757,17 +3766,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "初期値: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr "id_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -3775,12 +3784,12 @@ msgstr ""
 "ダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3788,7 +3797,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3799,8 +3808,8 @@ msgstr ""
 "manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 #, fuzzy
 #| msgid ""
 #| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
@@ -3818,8 +3827,8 @@ msgstr ""
 "い。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3830,12 +3839,12 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -3844,7 +3853,7 @@ msgstr ""
 "名形式により整形されたように) を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3857,7 +3866,7 @@ msgstr ""
 "んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3865,24 +3874,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3894,7 +3903,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3902,23 +3911,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr "auth_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -3927,7 +3936,7 @@ msgstr ""
 "ダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3938,7 +3947,7 @@ msgstr ""
 "manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3949,19 +3958,19 @@ msgstr ""
 "manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 "<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> は明示的に認証を無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -3970,12 +3979,12 @@ msgstr ""
 "ならば、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr "access_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3986,7 +3995,7 @@ msgstr ""
 "えます）。内部の特別プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -3995,12 +4004,12 @@ msgstr ""
 "ロバイダーのみアクセスが許可されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> は常にアクセスを拒否します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -4013,7 +4022,7 @@ msgstr ""
 "citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -4021,22 +4030,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr "初期値: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -4045,7 +4054,7 @@ msgstr ""
 "パスワード変更プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4053,7 +4062,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4064,7 +4073,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -4072,12 +4081,12 @@ msgstr ""
 "します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -4086,19 +4095,19 @@ msgstr ""
 "うことができるならば、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
 "は次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4109,33 +4118,33 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -4146,7 +4155,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -4155,12 +4164,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -4168,7 +4177,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4176,31 +4185,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4208,7 +4217,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -4217,17 +4226,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4235,30 +4244,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -4266,7 +4275,7 @@ msgstr ""
 "プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4277,7 +4286,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4288,7 +4297,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4296,17 +4305,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> は明示的に autofs を無効にします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -4315,7 +4324,7 @@ msgstr ""
 "hostid プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4326,31 +4335,31 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> は明示的に hostid を無効にします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4358,7 +4367,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4367,12 +4376,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4382,24 +4391,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4408,19 +4417,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr "domain\\username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4430,17 +4439,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "初期値: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -4449,80 +4458,80 @@ msgstr ""
 "します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr "サポートする値:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr "初期値: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr "初期値: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4530,17 +4539,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "初期値: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4549,14 +4558,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4564,7 +4573,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4572,17 +4581,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "初期値: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -4591,19 +4600,19 @@ msgstr ""
 "イン部分を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "初期値: マシンのホスト名のドメイン部分を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "failover_primary_timeout (integer)"
 msgstr "pam_id_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4611,59 +4620,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "初期値: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr "override_gid (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr "プライマリー GID の値を指定されたもので上書きします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4671,14 +4680,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -4691,17 +4700,17 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4709,128 +4718,128 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 #, fuzzy
 #| msgid "ldap_search_timeout (integer)"
 msgid "ldap_search_timeout"
 msgstr "ldap_search_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 #, fuzzy
 #| msgid "ldap_network_timeout (integer)"
 msgid "ldap_network_timeout"
 msgstr "ldap_network_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
 msgid "ldap_opt_timeout"
 msgstr "ldap_opt_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_offline_timeout"
 msgstr "ldap_connection_expire_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "ldap_enumeration_refresh_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_offset"
 msgstr "ldap_enumeration_refresh_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 #, fuzzy
 #| msgid "ldap_purge_cache_timeout (integer)"
 msgid "ldap_purge_cache_offset"
 msgstr "ldap_purge_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 #, fuzzy
 #| msgid "ldap_krb5_ticket_lifetime (integer)"
 msgid "ldap_krb5_ticket_lifetime"
 msgstr "ldap_krb5_ticket_lifetime (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "ldap_enumeration_search_timeout (integer)"
 msgid "ldap_enumeration_search_timeout"
 msgstr "ldap_enumeration_search_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_timeout"
 msgstr "ldap_connection_expire_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_expire_offset"
 msgstr "ldap_connection_expire_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 #, fuzzy
 #| msgid "ldap_connection_expire_timeout (integer)"
 msgid "ldap_connection_idle_timeout"
 msgstr "ldap_connection_expire_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4838,27 +4847,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "サブドメインのフラット (NetBIOS) 名。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4868,35 +4877,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 "値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "初期値: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr "このドメインのための realmd 設定サービスによって格納された様々なタグ。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4905,19 +4914,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4925,14 +4934,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy (string)"
 msgstr "ldap_pwd_policy (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4944,7 +4953,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4956,7 +4965,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4964,44 +4973,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy = match (default)"
 msgstr "ldap_pwd_policy (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr "IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr "AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -5010,7 +5019,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -5021,7 +5030,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -5029,38 +5038,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: cn"
 msgid "Default: match"
 msgstr "初期値: cn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -5069,24 +5078,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -5096,14 +5105,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -5111,21 +5120,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -5133,7 +5142,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -5142,7 +5151,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -5151,7 +5160,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -5162,17 +5171,17 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr "中継するプロキシターゲット PAM です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 #, fuzzy
 #| msgid ""
 #| "Default: not set by default, you have to take an existing pam "
@@ -5186,12 +5195,12 @@ msgstr ""
 "をここに追加する必要があります。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -5202,12 +5211,12 @@ msgstr ""
 "_nss_files_getpwent です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -5215,12 +5224,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -5229,12 +5238,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -5242,7 +5251,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -5251,12 +5260,12 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -5273,7 +5282,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -5281,17 +5290,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -5300,7 +5309,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -5310,7 +5319,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5330,12 +5339,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5346,69 +5355,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5421,7 +5430,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5429,7 +5438,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5438,43 +5447,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5482,12 +5491,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5496,17 +5505,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5514,26 +5523,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5542,17 +5551,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5562,7 +5571,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5571,59 +5580,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5632,7 +5641,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5641,7 +5650,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5652,17 +5661,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5670,39 +5679,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 #, fuzzy
 #| msgid ""
 #| "The following expansions are supported: <placeholder "
@@ -5715,7 +5724,7 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5724,7 +5733,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5732,12 +5741,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, fuzzy, no-wrap
 #| msgid ""
 #| "[sssd]\n"
@@ -5815,7 +5824,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5824,7 +5833,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5832,7 +5841,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5843,7 +5852,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5854,7 +5863,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6491,7 +6500,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr "初期値: 900 (15 分)"
 
@@ -6591,20 +6600,23 @@ msgstr "Active Directory の範囲の取得を無効化します。"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6612,17 +6624,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6630,12 +6642,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6643,7 +6655,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6654,7 +6666,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6663,7 +6675,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6671,12 +6683,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6684,7 +6696,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6692,12 +6704,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -6706,7 +6718,7 @@ msgstr ""
 "クするものを指定します。以下の値のうち 1 つを指定できます:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -6715,7 +6727,7 @@ msgstr ""
 "確認しません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6726,7 +6738,7 @@ msgstr ""
 "無視され、セッションが通常通り進められます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6737,7 +6749,7 @@ msgstr ""
 "ンが直ちに終了します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6747,22 +6759,22 @@ msgstr ""
 "なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr "初期値: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -6772,7 +6784,7 @@ msgstr ""
 "書を含むファイルを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -6781,12 +6793,12 @@ msgstr ""
 "filename> にあります"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 #, fuzzy
 #| msgid ""
 #| "Specifies the path of a directory that contains Certificate Authority "
@@ -6807,32 +6819,32 @@ msgstr ""
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr "クライアントのキーを含むファイルを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6840,12 +6852,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 #, fuzzy
 #| msgid ""
 #| "Specifies that the id_provider connection must also use <systemitem "
@@ -6859,12 +6871,12 @@ msgstr ""
 "用する必要がある id_provider 接続を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6872,18 +6884,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6894,24 +6906,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6922,12 +6934,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6940,7 +6952,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6952,17 +6964,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr "初期値: host/hostname@REALM"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6970,17 +6982,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr "初期値: krb5_realm の値"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -6989,33 +7001,33 @@ msgstr ""
 "するために逆引きを実行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "初期値: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -7023,28 +7035,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "初期値: 86400 (24 時間)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -7056,7 +7068,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -7067,7 +7079,7 @@ msgstr ""
 "ば _tcp にフォールバックします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -7078,27 +7090,27 @@ msgstr ""
 "quote> を使用するよう設定ファイルを移行することが推奨されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -7107,12 +7119,12 @@ msgstr ""
 "します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -7122,7 +7134,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -7133,12 +7145,12 @@ msgstr ""
 "manvolnum> </citerefentry> マニュアルページを参照ください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -7147,7 +7159,7 @@ msgstr ""
 "す。以下の値が許容されます:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -7156,7 +7168,7 @@ msgstr ""
 "ンはサーバー側のパスワードポリシーを無効にできません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 #, fuzzy
 #| msgid ""
 #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
@@ -7173,7 +7185,7 @@ msgstr ""
 "manvolnum></citerefentry> 形式の属性を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -7184,24 +7196,24 @@ msgstr ""
 "とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr "自動参照追跡が有効化されるかを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -7210,7 +7222,7 @@ msgstr ""
 "sssd のみが参照追跡をサポートすることに注意してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -7223,28 +7235,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "サービス検索が有効にされているときに使用するサービスの名前を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr "初期値: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -7253,24 +7265,24 @@ msgstr ""
 "を検索するために使用するサービスの名前を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -7279,12 +7291,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -7300,12 +7312,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "例:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -7314,14 +7326,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -7330,17 +7342,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr "初期値: 空白"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -7349,7 +7361,7 @@ msgstr ""
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -7360,12 +7372,12 @@ msgstr ""
 "否します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr "以下の値が許可されます:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -7374,7 +7386,7 @@ msgstr ""
 "ldap_user_shadow_expire の値を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -7383,7 +7395,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -7394,7 +7406,7 @@ msgstr ""
 "ldap_ns_account_lock の値を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -7407,7 +7419,7 @@ msgstr ""
 "クセスが許可されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -7415,23 +7427,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7441,14 +7453,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7461,12 +7473,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -7476,31 +7488,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -7508,7 +7520,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -7517,44 +7529,44 @@ msgstr ""
 "authorizedService 属性を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "初期値: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr "値が複数使用されていると設定エラーになることに注意してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7563,22 +7575,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -7587,12 +7599,12 @@ msgstr ""
 "ションが許容されます:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -7601,7 +7613,7 @@ msgstr ""
 "決されますが、検索のベースオブジェクトの位置を探すときはされません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -7610,7 +7622,7 @@ msgstr ""
 "すときのみ参照解決されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -7619,7 +7631,7 @@ msgstr ""
 "きも位置を検索するときも参照解決されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -7628,12 +7640,12 @@ msgstr ""
 "して取り扱われます）"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -7642,7 +7654,7 @@ msgstr ""
 "ユーザーを保持することができます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7653,7 +7665,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7661,64 +7673,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 #, fuzzy
 #| msgid "debug_level (integer)"
 msgid "ldap_library_debug_level (integer)"
 msgstr "debug_level (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 #, fuzzy
 #| msgid "Default: 0 (disabled)"
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr "初期値: 0 (無効)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 #, fuzzy
 #| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "ldap_id_mapping (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7726,14 +7738,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_deref_threshold (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_deref_threshold (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7756,12 +7768,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr "SUDO オプション"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7769,19 +7781,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -7790,24 +7802,24 @@ msgstr ""
 "ります"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr "初期値: 21600 (6 時間)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7815,14 +7827,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7832,21 +7844,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 #, fuzzy
 #| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_idmap_range_size (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7854,7 +7866,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7862,29 +7874,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -7893,15 +7905,15 @@ msgstr ""
 "区切り一覧です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -7910,17 +7922,17 @@ msgstr ""
 "ならば、このオプションは効果を持ちません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr "初期値: 指定なし"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -7929,7 +7941,7 @@ msgstr ""
 "アドレスの空白区切り一覧です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -7937,38 +7949,38 @@ msgstr ""
 "このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7980,59 +7992,59 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr "AUTOFS オプション"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr "LDAP のオートマウントマスターマップの名前。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "高度なオプション"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -8041,22 +8053,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -8065,14 +8077,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "例"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -8083,7 +8095,7 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -8096,7 +8108,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -8104,19 +8116,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -8132,13 +8144,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "注記"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -8200,7 +8212,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "オプション"
 
@@ -13262,7 +13274,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr "終了コード"
@@ -13412,7 +13424,7 @@ msgstr "解読しにくくするパスワードが標準入力から読み込ま
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -15322,8 +15334,13 @@ msgstr ""
 "command> を使用するために設定できます: <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -15331,14 +15348,14 @@ msgstr ""
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-R</option>,<option>--no-remove</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-R</option>,<option>--no-remove</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -15346,12 +15363,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -15365,7 +15382,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -15373,7 +15390,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -15382,10 +15399,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/lv.po b/src/man/po/lv.po
index 0676f2f78e..ff5e5417ef 100644
--- a/src/man/po/lv.po
+++ b/src/man/po/lv.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-15 12:00-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/"
@@ -213,10 +213,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -235,10 +235,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -272,8 +272,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -303,8 +303,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Noklusējuma: 10"
 
@@ -371,7 +371,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr ""
 
@@ -391,12 +391,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -404,39 +404,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -593,8 +593,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -865,7 +865,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -896,25 +896,34 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -922,7 +931,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -941,12 +950,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -955,22 +964,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -980,17 +989,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1000,19 +1009,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 60, KCM: 300"
 msgstr "Noklusējuma: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1023,14 +1032,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1038,46 +1047,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "Noklusējuma: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "offline_timeout_max (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1086,64 +1095,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 3600"
 msgstr "Noklusējuma: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "offline_timeout_random_offset (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 30"
 msgstr "Noklusējuma: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1155,58 +1164,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "Noklusējuma: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1214,7 +1223,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1224,7 +1233,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1233,17 +1242,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1251,17 +1260,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Noklusējuma: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1269,17 +1278,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1288,7 +1297,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1297,41 +1306,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1339,23 +1348,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1363,47 +1372,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1411,115 +1420,115 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "memcache_timeout (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1527,27 +1536,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "memcache_size_group (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1555,19 +1564,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "Noklusējuma: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1575,14 +1584,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1591,12 +1600,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1607,45 +1616,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: <quote>permit</quote>"
 msgid "Default: <quote>*</quote>"
 msgstr "Noklusējuma: <quote>atļaut</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1654,60 +1663,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "Noklusējuma: 0 (bez ierobežojuma)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1715,59 +1724,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Noklusējuma: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1776,51 +1785,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1831,23 +1840,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1855,7 +1864,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1864,17 +1873,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1882,32 +1891,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1917,75 +1926,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1993,19 +2002,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2013,46 +2022,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2060,34 +2069,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2097,7 +2106,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2105,61 +2114,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2167,7 +2176,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2179,63 +2188,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2243,12 +2252,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2259,7 +2268,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2267,7 +2276,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2275,7 +2284,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2284,47 +2293,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2333,30 +2342,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2364,7 +2373,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2372,22 +2381,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2395,19 +2404,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2415,7 +2424,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2430,7 +2439,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2438,45 +2447,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2484,7 +2493,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2492,17 +2501,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2513,24 +2522,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2540,22 +2549,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2563,51 +2572,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2616,12 +2625,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2631,7 +2640,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2639,7 +2648,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2648,38 +2657,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2690,7 +2699,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2701,24 +2710,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2726,19 +2735,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2747,7 +2756,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2756,24 +2765,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2784,24 +2793,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2809,24 +2818,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2838,7 +2847,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2849,60 +2858,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2912,66 +2921,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2979,17 +2988,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2997,7 +3006,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3006,57 +3015,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3066,12 +3075,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3080,14 +3089,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3096,38 +3105,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3136,24 +3145,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3162,36 +3171,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3205,14 +3214,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3221,14 +3230,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3236,32 +3245,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3270,19 +3279,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3293,139 +3302,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3434,17 +3443,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3456,18 +3465,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3478,7 +3487,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3487,12 +3496,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3500,19 +3509,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3521,17 +3530,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "Noklusējuma: 0 (neierobežots)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3540,28 +3549,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3569,7 +3578,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3577,8 +3586,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3586,8 +3595,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3595,19 +3604,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3616,7 +3625,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3624,24 +3633,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3653,7 +3662,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3661,30 +3670,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3692,7 +3701,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3700,30 +3709,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3731,19 +3740,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3752,7 +3761,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3760,29 +3769,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr "Noklusējuma: <quote>atļaut</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3790,7 +3799,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3798,35 +3807,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3834,32 +3843,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3870,7 +3879,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3879,12 +3888,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3892,7 +3901,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3900,31 +3909,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3932,7 +3941,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3941,17 +3950,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3959,36 +3968,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3996,7 +4005,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4004,7 +4013,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4012,24 +4021,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4037,31 +4046,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4069,7 +4078,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4078,12 +4087,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4093,24 +4102,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4119,19 +4128,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4141,93 +4150,93 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr "Atbalstītās vērtības:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4235,17 +4244,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4254,14 +4263,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4269,7 +4278,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4277,38 +4286,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 #, fuzzy
 #| msgid "Default: 6"
 msgid "Default: TRUE"
 msgstr "Noklusējuma: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "failover_primary_timeout (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4316,59 +4325,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 1"
 msgid "Default: 31"
 msgstr "Noklusējuma: 1"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4376,31 +4385,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4408,114 +4417,114 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "ldap_offline_timeout"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "ldap_enumeration_search_timeout"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "ldap_connection_expire_timeout"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "ldap_connection_expire_offset"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4523,27 +4532,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4553,34 +4562,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4589,19 +4598,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4609,12 +4618,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 msgid "local_auth_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4626,7 +4635,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4638,7 +4647,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4646,42 +4655,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 msgid "local_auth_policy = match (default)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4690,7 +4699,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4701,7 +4710,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4709,38 +4718,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: 6"
 msgid "Default: match"
 msgstr "Noklusējuma: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4749,24 +4758,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4776,14 +4785,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4791,21 +4800,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4813,7 +4822,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4822,7 +4831,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4831,7 +4840,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4839,17 +4848,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4857,12 +4866,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4870,12 +4879,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4883,12 +4892,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4897,12 +4906,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4910,19 +4919,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4939,7 +4948,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4947,17 +4956,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4966,7 +4975,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4976,7 +4985,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4996,12 +5005,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5012,69 +5021,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5087,7 +5096,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5095,7 +5104,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5104,43 +5113,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5148,12 +5157,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5162,17 +5171,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5180,26 +5189,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5208,17 +5217,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5228,7 +5237,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5237,59 +5246,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5298,7 +5307,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5307,7 +5316,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5318,17 +5327,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5336,46 +5345,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5384,7 +5393,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5392,12 +5401,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5426,7 +5435,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5435,7 +5444,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5443,7 +5452,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5454,7 +5463,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5465,7 +5474,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6048,7 +6057,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6137,20 +6146,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6158,17 +6170,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6176,12 +6188,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6189,7 +6201,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6200,7 +6212,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6209,7 +6221,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6217,12 +6229,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6230,7 +6242,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6238,26 +6250,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6265,7 +6277,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6273,7 +6285,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6281,41 +6293,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6325,32 +6337,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6358,12 +6370,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6371,12 +6383,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6384,17 +6396,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6405,24 +6417,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6433,12 +6445,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6451,7 +6463,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6463,17 +6475,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6481,49 +6493,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6531,28 +6543,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "Noklusējuma: 86400 (24 stundas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6564,7 +6576,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6572,7 +6584,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6580,39 +6592,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6622,7 +6634,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6630,26 +6642,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6658,7 +6670,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6666,31 +6678,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6703,51 +6715,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr "Noklusējuma: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6756,12 +6768,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6777,12 +6789,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Piemērs:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6791,14 +6803,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6807,24 +6819,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6832,19 +6844,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr "Atļautas šādas vērtības:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6853,7 +6865,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6861,7 +6873,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6870,7 +6882,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6878,22 +6890,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6903,14 +6915,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6923,12 +6935,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6938,31 +6950,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -6970,50 +6982,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "Noklusējuma: filtrēt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7022,74 +7034,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7100,7 +7112,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7108,58 +7120,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7167,12 +7179,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7195,12 +7207,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7208,43 +7220,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7252,14 +7264,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7269,19 +7281,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7289,7 +7301,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7297,106 +7309,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7405,59 +7417,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "PAPLAŠINĀTĀS IESPĒJAS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7466,22 +7478,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7490,14 +7502,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "PIEMĒRS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7505,7 +7517,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7518,7 +7530,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7526,19 +7538,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7554,13 +7566,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "PIEZĪMES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7615,7 +7627,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "IESPĒJAS"
 
@@ -12482,7 +12494,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12614,7 +12626,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14358,19 +14370,24 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14378,12 +14395,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14397,7 +14414,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14405,7 +14422,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14414,10 +14431,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index f3c94e44b2..7aa3e0e581 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-15 12:02-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
@@ -232,10 +232,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -254,10 +254,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -293,8 +293,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -324,8 +324,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr ""
 
@@ -392,7 +392,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (tekst)"
 
@@ -412,12 +412,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -425,39 +425,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -624,8 +624,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -896,7 +896,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -927,29 +927,38 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "passkey_verification (string)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "user_verification (boolean)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -957,7 +966,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -976,12 +985,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "SERVICES SECTIE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -990,22 +999,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "Algemene service configuratie-opties"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "Deze opties kunnen gebruikt worden om services te configureren."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1015,17 +1024,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1035,19 +1044,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 60, KCM: 300"
 msgstr "Standaard: 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1058,14 +1067,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1073,46 +1082,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "offline_timeout_max (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1121,62 +1130,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 3600"
 msgstr "Standaard: 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 30"
 msgstr "Standaard: 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1188,30 +1197,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr "NSS configuratie-opties"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1219,12 +1228,12 @@ msgstr ""
 "configurere."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1233,17 +1242,17 @@ msgstr ""
 "over alle gebruikers)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "Standaard: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1251,7 +1260,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1261,7 +1270,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1270,17 +1279,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1288,17 +1297,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1306,17 +1315,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1325,7 +1334,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1334,41 +1343,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1376,23 +1385,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1400,47 +1409,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1448,117 +1457,117 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_timeout (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_passwd (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1566,27 +1575,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_group (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1594,21 +1603,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_initgroups (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1616,14 +1625,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1632,12 +1641,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1648,45 +1657,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: <quote>%1$s@%2$s</quote>."
 msgid "Default: <quote>*</quote>"
 msgstr "Standaard: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1695,60 +1704,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1756,61 +1765,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "pam_response_filter (string)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1819,51 +1828,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1874,23 +1883,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1898,7 +1907,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1907,17 +1916,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1925,32 +1934,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Standaard: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1960,75 +1969,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2036,19 +2045,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2056,46 +2065,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2103,36 +2112,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "pam_cert_verification (string)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2142,7 +2151,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2150,63 +2159,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "pam_p11_allowed_services (string)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2214,7 +2223,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2226,63 +2235,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2290,12 +2299,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2306,7 +2315,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2314,7 +2323,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2322,7 +2331,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2331,47 +2340,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2380,30 +2389,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2411,7 +2420,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2419,22 +2428,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2442,19 +2451,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2462,7 +2471,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2477,7 +2486,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2485,45 +2494,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2531,7 +2540,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2539,17 +2548,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2560,24 +2569,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2587,22 +2596,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2610,51 +2619,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2663,12 +2672,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2678,7 +2687,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2686,7 +2695,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2695,38 +2704,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2737,7 +2746,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2748,24 +2757,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2773,19 +2782,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2794,7 +2803,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2803,26 +2812,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "pac_check (string)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2833,24 +2842,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2858,24 +2867,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2887,7 +2896,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2898,60 +2907,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2961,66 +2970,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3028,17 +3037,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3046,7 +3055,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3055,59 +3064,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "exclude_users (string)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3117,12 +3126,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3131,14 +3140,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3147,38 +3156,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3187,24 +3196,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3213,36 +3222,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3256,14 +3265,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3272,14 +3281,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3287,32 +3296,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3321,19 +3330,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3344,139 +3353,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3485,17 +3494,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3507,18 +3516,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3529,7 +3538,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3538,12 +3547,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3551,19 +3560,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3572,17 +3581,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3591,28 +3600,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3620,7 +3629,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3628,8 +3637,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3637,8 +3646,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3646,19 +3655,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3667,7 +3676,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3675,24 +3684,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3704,7 +3713,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3712,30 +3721,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3743,7 +3752,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3751,30 +3760,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3782,19 +3791,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3803,7 +3812,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3811,29 +3820,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3841,7 +3850,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3849,35 +3858,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3885,32 +3894,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3921,7 +3930,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3930,12 +3939,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3943,7 +3952,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3951,31 +3960,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3983,7 +3992,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3992,17 +4001,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4010,36 +4019,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4047,7 +4056,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4055,7 +4064,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4063,24 +4072,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4088,31 +4097,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4120,7 +4129,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4129,12 +4138,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4144,24 +4153,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4170,19 +4179,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4192,93 +4201,93 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Standaard: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 #, fuzzy
 #| msgid "entry_negative_timeout (integer)"
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "entry_negative_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 #, fuzzy
 #| msgid "entry_negative_timeout (integer)"
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "entry_negative_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4286,17 +4295,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Standaard: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4305,14 +4314,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "entry_negative_timeout (integer)"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "entry_negative_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4320,7 +4329,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4328,38 +4337,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: TRUE"
 msgstr "Standaard: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "entry_negative_timeout (integer)"
 msgid "failover_primary_timeout (integer)"
 msgstr "entry_negative_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4367,59 +4376,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "Standaard: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4427,31 +4436,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4459,114 +4468,114 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
 msgid "ldap_offline_timeout"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "reconnection_retries (integer)"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "reconnection_retries (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "reconnection_retries (integer)"
 msgid "ldap_enumeration_search_timeout"
 msgstr "reconnection_retries (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "reconnection_retries (integer)"
 msgid "ldap_connection_expire_timeout"
 msgstr "reconnection_retries (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "reconnection_retries (integer)"
 msgid "ldap_connection_expire_offset"
 msgstr "reconnection_retries (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4574,27 +4583,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4604,34 +4613,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4640,19 +4649,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4660,14 +4669,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "local_auth_policy (string)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4679,7 +4688,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4691,7 +4700,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4699,44 +4708,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "local_auth_policy = match (default)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4745,7 +4754,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4756,7 +4765,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4764,38 +4773,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: match"
 msgstr "Standaard: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4804,24 +4813,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4831,14 +4840,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4846,21 +4855,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4868,7 +4877,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4877,7 +4886,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4886,7 +4895,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4894,17 +4903,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4912,12 +4921,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4925,12 +4934,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4938,12 +4947,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4952,12 +4961,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4965,19 +4974,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4994,7 +5003,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -5002,17 +5011,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -5021,7 +5030,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -5031,7 +5040,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5051,12 +5060,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5067,69 +5076,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5142,7 +5151,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5150,7 +5159,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5159,43 +5168,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5203,12 +5212,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5217,17 +5226,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5235,26 +5244,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5263,17 +5272,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5283,7 +5292,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5292,59 +5301,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5353,7 +5362,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5362,7 +5371,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5373,17 +5382,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5391,46 +5400,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5439,7 +5448,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5447,12 +5456,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5481,7 +5490,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5490,7 +5499,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5498,7 +5507,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5509,7 +5518,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5520,7 +5529,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6103,7 +6112,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6192,20 +6201,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6213,17 +6225,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6231,12 +6243,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6244,7 +6256,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6255,7 +6267,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6264,7 +6276,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6272,12 +6284,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6285,7 +6297,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6293,26 +6305,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6320,7 +6332,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6328,7 +6340,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6336,41 +6348,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6380,32 +6392,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6413,12 +6425,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6426,12 +6438,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6439,17 +6451,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6460,24 +6472,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6488,12 +6500,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6506,7 +6518,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6518,17 +6530,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6536,49 +6548,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6586,28 +6598,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6619,7 +6631,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6627,7 +6639,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6635,39 +6647,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6677,7 +6689,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6685,26 +6697,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6713,7 +6725,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6721,31 +6733,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6758,51 +6770,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6811,12 +6823,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6832,12 +6844,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6846,14 +6858,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6862,24 +6874,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6887,19 +6899,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6908,7 +6920,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6916,7 +6928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6925,7 +6937,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6933,22 +6945,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6958,14 +6970,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6978,12 +6990,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6993,31 +7005,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -7025,50 +7037,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7077,74 +7089,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7155,7 +7167,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7163,62 +7175,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 #, fuzzy
 #| msgid "debug_level (integer)"
 msgid "ldap_library_debug_level (integer)"
 msgstr "debug_level (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 #, fuzzy
 #| msgid "re_expression (string)"
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "re_expression (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7226,14 +7238,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "debug_level (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "debug_level (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7256,12 +7268,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7269,43 +7281,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7313,14 +7325,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7330,19 +7342,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7350,7 +7362,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7358,106 +7370,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7466,59 +7478,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7527,22 +7539,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7551,14 +7563,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7566,7 +7578,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7579,7 +7591,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7587,19 +7599,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7615,13 +7627,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7676,7 +7688,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "OPTIES"
 
@@ -12547,7 +12559,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12681,7 +12693,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14433,19 +14445,24 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14453,12 +14470,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14472,7 +14489,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14480,7 +14497,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14489,10 +14506,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index 051b6363ce..47a69d833c 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-15 12:05-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
@@ -227,10 +227,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -249,10 +249,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -288,8 +288,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -319,8 +319,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Padrão: 10"
 
@@ -387,7 +387,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (string)"
 
@@ -407,12 +407,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -420,39 +420,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -609,8 +609,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -881,7 +881,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -916,29 +916,38 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 #, fuzzy
 #| msgid "ldap_user_principal (string)"
 msgid "passkey_verification (string)"
 msgstr "ldap_user_principal (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 #, fuzzy
 #| msgid "ldap_user_principal (string)"
 msgid "user_verification (boolean)"
 msgstr "ldap_user_principal (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -946,7 +955,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -965,12 +974,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -979,22 +988,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1004,17 +1013,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1024,19 +1033,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 60, KCM: 300"
 msgstr "Padrão: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1047,14 +1056,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1062,46 +1071,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "Padrão: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 #, fuzzy
 #| msgid "timeout (integer)"
 msgid "offline_timeout_max (integer)"
 msgstr "timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1110,64 +1119,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 3600"
 msgstr "Padrão: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "offline_timeout_random_offset (integer)"
 msgstr "dns_resolver_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 300"
 msgid "Default: 30"
 msgstr "Padrão: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1179,58 +1188,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "Padrão: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1238,7 +1247,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1248,7 +1257,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1257,17 +1266,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "Padrão: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1275,17 +1284,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1293,17 +1302,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1312,7 +1321,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1321,41 +1330,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1363,23 +1372,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1387,47 +1396,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1435,117 +1444,117 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "Padrão: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 #, fuzzy
 #| msgid "entry_cache_timeout (integer)"
 msgid "memcache_timeout (integer)"
 msgstr "entry_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 #, fuzzy
 #| msgid "entry_cache_timeout (integer)"
 msgid "memcache_size_passwd (integer)"
 msgstr "entry_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1553,27 +1562,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 #, fuzzy
 #| msgid "entry_cache_timeout (integer)"
 msgid "memcache_size_group (integer)"
 msgstr "entry_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1581,21 +1590,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "Padrão: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 #, fuzzy
 #| msgid "entry_cache_timeout (integer)"
 msgid "memcache_size_initgroups (integer)"
 msgstr "entry_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1603,14 +1612,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 #, fuzzy
 #| msgid "entry_cache_timeout (integer)"
 msgid "memcache_size_sid (integer)"
 msgstr "entry_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1619,12 +1628,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1635,45 +1644,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: <quote>%1$s@%2$s</quote>."
 msgid "Default: <quote>*</quote>"
 msgstr "Default: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1682,60 +1691,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1743,61 +1752,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Padrão: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 #, fuzzy
 #| msgid "access_provider (string)"
 msgid "pam_response_filter (string)"
 msgstr "access_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1806,51 +1815,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1861,23 +1870,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1885,7 +1894,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1894,17 +1903,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1912,32 +1921,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1947,75 +1956,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "Padrão: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2023,19 +2032,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2043,46 +2052,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "Padrão: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2090,36 +2099,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 #, fuzzy
 #| msgid "ldap_user_principal (string)"
 msgid "pam_cert_verification (string)"
 msgstr "ldap_user_principal (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2129,7 +2138,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2137,63 +2146,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "passkey_child_timeout (integer)"
 msgstr "pam_id_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 #, fuzzy
 #| msgid "allowed_shells (string)"
 msgid "pam_p11_allowed_services (string)"
 msgstr "allowed_shells (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2201,7 +2210,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2213,63 +2222,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2277,12 +2286,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2293,7 +2302,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2301,7 +2310,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2309,7 +2318,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2318,47 +2327,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2367,30 +2376,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2398,7 +2407,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2406,22 +2415,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2429,19 +2438,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2449,7 +2458,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2464,7 +2473,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2472,45 +2481,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2518,7 +2527,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2526,17 +2535,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2547,24 +2556,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2574,22 +2583,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2597,51 +2606,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2650,12 +2659,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2665,7 +2674,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2673,7 +2682,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2682,38 +2691,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2724,7 +2733,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2735,24 +2744,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2760,19 +2769,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2781,7 +2790,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2790,26 +2799,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 #, fuzzy
 #| msgid "ipa_hostname (string)"
 msgid "pac_check (string)"
 msgstr "ipa_hostname (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2820,24 +2829,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2845,24 +2854,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2874,7 +2883,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2885,60 +2894,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2948,66 +2957,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3015,17 +3024,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3033,7 +3042,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3042,65 +3051,65 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 #, fuzzy
 #| msgid "ldap_user_shell (string)"
 msgid "exclude_users (string)"
 msgstr "ldap_user_shell (string)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No users excluded."
 msgstr "Padrão: empty, ou seja, ldap_uri é usado."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 #, fuzzy
 #| msgid "ldap_group_search_base (string)"
 msgid "exclude_groups (string)"
 msgstr "ldap_group_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 #, fuzzy
 #| msgid "Default: empty, i.e. ldap_uri is used."
 msgid "Default: Empty. No groups excluded."
 msgstr "Padrão: empty, ou seja, ldap_uri é usado."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "SECÇÕES DE DOMÍNIO"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3110,12 +3119,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3124,14 +3133,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3140,38 +3149,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3180,24 +3189,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr "enumerate (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3206,36 +3215,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "Padrão: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3249,14 +3258,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3265,14 +3274,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3280,32 +3289,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3314,19 +3323,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3337,139 +3346,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "Padrão: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3478,17 +3487,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3500,18 +3509,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3522,7 +3531,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3531,12 +3540,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3544,19 +3553,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3565,17 +3574,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "Padrão: 0 (ilimitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3584,28 +3593,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr "id_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3613,7 +3622,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3621,8 +3630,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3630,8 +3639,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3639,19 +3648,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3660,7 +3669,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3668,24 +3677,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3697,7 +3706,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3705,30 +3714,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr "auth_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3736,7 +3745,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3744,30 +3753,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr "access_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3775,19 +3784,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3796,7 +3805,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3804,29 +3813,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3834,7 +3843,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3842,35 +3851,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3878,32 +3887,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3914,7 +3923,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3923,12 +3932,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3936,7 +3945,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3944,31 +3953,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3976,7 +3985,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3985,17 +3994,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4003,36 +4012,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4040,7 +4049,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4048,7 +4057,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4056,24 +4065,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4081,31 +4090,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4113,7 +4122,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4122,12 +4131,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4137,24 +4146,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4163,19 +4172,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4185,93 +4194,93 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Default: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr "Default: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr "Padrão: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4279,17 +4288,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Padrão: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4298,14 +4307,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 #, fuzzy
 #| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4313,7 +4322,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4321,36 +4330,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "Padrão: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 #, fuzzy
 #| msgid "pam_id_timeout (integer)"
 msgid "failover_primary_timeout (integer)"
 msgstr "pam_id_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4358,59 +4367,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "Padrão: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr "override_gid (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4418,31 +4427,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4450,126 +4459,126 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 #, fuzzy
 #| msgid "ldap_search_timeout (integer)"
 msgid "ldap_search_timeout"
 msgstr "ldap_search_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 #, fuzzy
 #| msgid "ldap_network_timeout (integer)"
 msgid "ldap_network_timeout"
 msgstr "ldap_network_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
 msgid "ldap_opt_timeout"
 msgstr "ldap_opt_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_offline_timeout"
 msgstr "ldap_enumeration_refresh_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "ldap_enumeration_refresh_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_refresh_offset"
 msgstr "ldap_enumeration_refresh_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 #, fuzzy
 #| msgid "ldap_krb5_ticket_lifetime (integer)"
 msgid "ldap_krb5_ticket_lifetime"
 msgstr "ldap_krb5_ticket_lifetime (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_enumeration_search_timeout"
 msgstr "ldap_enumeration_refresh_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_connection_expire_timeout"
 msgstr "ldap_enumeration_refresh_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_connection_expire_offset"
 msgstr "ldap_enumeration_refresh_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 #, fuzzy
 #| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_connection_idle_timeout"
 msgstr "ldap_enumeration_refresh_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4577,27 +4586,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4607,34 +4616,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4643,19 +4652,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4663,14 +4672,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy (string)"
 msgstr "ldap_pwd_policy (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4682,7 +4691,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4694,7 +4703,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4702,44 +4711,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 #, fuzzy
 #| msgid "ldap_pwd_policy (string)"
 msgid "local_auth_policy = match (default)"
 msgstr "ldap_pwd_policy (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4748,7 +4757,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4759,7 +4768,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4767,38 +4776,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: cn"
 msgid "Default: match"
 msgstr "Padrão: NC"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4807,24 +4816,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4834,14 +4843,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4849,21 +4858,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4871,7 +4880,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4880,7 +4889,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4889,7 +4898,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4897,17 +4906,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4915,12 +4924,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4928,12 +4937,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4941,12 +4950,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4955,12 +4964,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4968,19 +4977,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4997,7 +5006,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -5005,17 +5014,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -5024,7 +5033,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -5034,7 +5043,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5054,12 +5063,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -5070,69 +5079,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5145,7 +5154,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5153,7 +5162,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5162,43 +5171,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5206,12 +5215,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5220,17 +5229,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5238,26 +5247,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5266,17 +5275,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5286,7 +5295,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5295,59 +5304,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5356,7 +5365,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5365,7 +5374,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5376,17 +5385,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5394,46 +5403,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5442,7 +5451,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5450,12 +5459,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, fuzzy, no-wrap
 #| msgid ""
 #| "[sssd]\n"
@@ -5533,7 +5542,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5542,7 +5551,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5550,7 +5559,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5561,7 +5570,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5572,7 +5581,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6159,7 +6168,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6248,20 +6257,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6269,17 +6281,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6287,12 +6299,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6300,7 +6312,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6311,7 +6323,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6320,7 +6332,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6328,12 +6340,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6341,7 +6353,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6349,19 +6361,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -6370,7 +6382,7 @@ msgstr ""
 "qualquer certificado de servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6378,7 +6390,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6386,7 +6398,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6394,41 +6406,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr "Padrão: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6438,32 +6450,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6471,12 +6483,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6484,12 +6496,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6497,17 +6509,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6518,24 +6530,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6546,12 +6558,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6564,7 +6576,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6576,17 +6588,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6594,50 +6606,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "Padrão: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6645,28 +6657,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "Padrão: 86400 (24 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6678,7 +6690,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6686,7 +6698,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6694,39 +6706,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6736,7 +6748,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6744,26 +6756,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6772,7 +6784,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6780,31 +6792,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6817,51 +6829,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6870,12 +6882,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6891,12 +6903,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6905,14 +6917,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6921,24 +6933,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6946,19 +6958,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6967,7 +6979,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6975,7 +6987,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6984,7 +6996,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6992,22 +7004,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7017,14 +7029,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7037,12 +7049,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -7052,31 +7064,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -7084,50 +7096,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "Padrão: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7136,74 +7148,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7214,7 +7226,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7222,62 +7234,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 #, fuzzy
 #| msgid "ldap_page_size (integer)"
 msgid "ldap_library_debug_level (integer)"
 msgstr "ldap_page_size (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 #, fuzzy
 #| msgid "ldap_id_use_start_tls (boolean)"
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "ldap_id_use_start_tls (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7285,14 +7297,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_page_size (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_page_size (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7315,12 +7327,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7328,43 +7340,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7372,14 +7384,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7389,21 +7401,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_opt_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7411,7 +7423,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7419,106 +7431,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7527,59 +7539,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "OPÇÕES AVANÇADAS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7588,22 +7600,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7612,14 +7624,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "EXEMPLO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7627,7 +7639,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7640,7 +7652,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7648,19 +7660,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7676,13 +7688,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTAS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7737,7 +7749,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "Opções"
 
@@ -12624,7 +12636,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12759,7 +12771,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14518,21 +14530,26 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-s</option>,<option>--stdin</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-s</option>,<option>--stdin</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14540,12 +14557,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14559,7 +14576,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14567,7 +14584,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14576,10 +14593,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
index 5fefead597..798b0900b9 100644
--- a/src/man/po/pt_BR.po
+++ b/src/man/po/pt_BR.po
@@ -4,7 +4,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2017-01-29 10:11-0500\n"
 "Last-Translator: Rodrigo de Araujo Sousa Fonseca "
 "<rodrigodearaujo@fedoraproject.org>\n"
@@ -207,10 +207,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -229,10 +229,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -266,8 +266,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -297,8 +297,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr ""
 
@@ -365,7 +365,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr ""
 
@@ -385,12 +385,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -398,39 +398,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -587,8 +587,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -859,7 +859,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -890,25 +890,34 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -916,7 +925,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -935,12 +944,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -949,22 +958,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -974,17 +983,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -994,17 +1003,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 msgid "Default: 60, KCM: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1015,14 +1024,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1030,44 +1039,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1076,58 +1085,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 msgid "Default: 3600"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 msgid "Default: 30"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1139,58 +1148,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1198,7 +1207,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1208,7 +1217,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1217,17 +1226,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1235,17 +1244,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1253,17 +1262,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1272,7 +1281,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1281,41 +1290,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1323,23 +1332,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1347,47 +1356,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1395,113 +1404,113 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1509,25 +1518,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1535,19 +1544,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1555,12 +1564,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 msgid "memcache_size_sid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1569,12 +1578,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1585,43 +1594,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 msgid "Default: <quote>*</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1630,60 +1639,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1691,59 +1700,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1752,51 +1761,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1807,23 +1816,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1831,7 +1840,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1840,17 +1849,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1858,32 +1867,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1893,75 +1902,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1969,19 +1978,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1989,46 +1998,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2036,34 +2045,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2073,7 +2082,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2081,59 +2090,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 msgid "passkey_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2141,7 +2150,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2153,63 +2162,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2217,12 +2226,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2233,7 +2242,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2241,7 +2250,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2249,7 +2258,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2258,47 +2267,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2307,30 +2316,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2338,7 +2347,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2346,22 +2355,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2369,19 +2378,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2389,7 +2398,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2404,7 +2413,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2412,45 +2421,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2458,7 +2467,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2466,17 +2475,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2487,24 +2496,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2514,22 +2523,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2537,51 +2546,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2590,12 +2599,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2605,7 +2614,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2613,7 +2622,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2622,38 +2631,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2664,7 +2673,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2675,24 +2684,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2700,19 +2709,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2721,7 +2730,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2730,24 +2739,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2758,24 +2767,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2783,24 +2792,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2812,7 +2821,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2823,60 +2832,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2886,66 +2895,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2953,17 +2962,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2971,7 +2980,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -2980,57 +2989,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3040,12 +3049,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3054,14 +3063,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3070,38 +3079,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3110,24 +3119,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3136,36 +3145,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3179,14 +3188,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3195,14 +3204,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3210,32 +3219,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3244,19 +3253,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3267,139 +3276,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3408,17 +3417,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3430,18 +3439,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3452,7 +3461,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3461,12 +3470,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3474,19 +3483,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3495,17 +3504,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3514,28 +3523,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3543,7 +3552,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3551,8 +3560,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3560,8 +3569,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3569,19 +3578,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3590,7 +3599,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3598,24 +3607,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3627,7 +3636,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3635,30 +3644,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3666,7 +3675,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3674,30 +3683,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3705,19 +3714,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3726,7 +3735,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3734,29 +3743,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3764,7 +3773,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3772,35 +3781,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3808,32 +3817,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3844,7 +3853,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3853,12 +3862,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3866,7 +3875,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3874,31 +3883,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3906,7 +3915,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3915,17 +3924,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3933,36 +3942,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3970,7 +3979,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3978,7 +3987,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3986,24 +3995,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4011,31 +4020,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4043,7 +4052,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4052,12 +4061,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4067,24 +4076,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4093,19 +4102,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4115,89 +4124,89 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4205,17 +4214,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4224,12 +4233,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 msgid "dns_resolver_use_search_list (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4237,7 +4246,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4245,34 +4254,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 msgid "failover_primary_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4280,57 +4289,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 msgid "Default: 31"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4338,31 +4347,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4370,104 +4379,104 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 msgid "ldap_offline_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 msgid "ldap_enumeration_refresh_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 msgid "ldap_enumeration_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 msgid "ldap_connection_expire_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 msgid "ldap_connection_expire_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4475,27 +4484,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4505,34 +4514,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4541,19 +4550,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4561,12 +4570,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 msgid "local_auth_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4578,7 +4587,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4590,7 +4599,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4598,42 +4607,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 msgid "local_auth_policy = match (default)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4642,7 +4651,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4653,7 +4662,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4661,36 +4670,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 msgid "Default: match"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4699,24 +4708,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4726,14 +4735,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4741,21 +4750,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4763,7 +4772,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4772,7 +4781,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4781,7 +4790,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4789,17 +4798,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4807,12 +4816,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4820,12 +4829,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4833,12 +4842,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4847,12 +4856,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4860,19 +4869,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4889,7 +4898,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4897,17 +4906,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4916,7 +4925,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4926,7 +4935,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4946,12 +4955,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4962,69 +4971,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5037,7 +5046,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5045,7 +5054,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5054,43 +5063,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5098,12 +5107,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5112,17 +5121,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5130,26 +5139,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5158,17 +5167,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5178,7 +5187,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5187,59 +5196,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5248,7 +5257,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5257,7 +5266,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5268,17 +5277,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5286,46 +5295,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5334,7 +5343,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5342,12 +5351,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5376,7 +5385,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5385,7 +5394,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5393,7 +5402,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5404,7 +5413,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5415,7 +5424,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -5998,7 +6007,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6085,20 +6094,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6106,17 +6118,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6124,12 +6136,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6137,7 +6149,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6148,7 +6160,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6157,7 +6169,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6165,12 +6177,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6178,7 +6190,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6186,26 +6198,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6213,7 +6225,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6221,7 +6233,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6229,41 +6241,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6273,32 +6285,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6306,12 +6318,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6319,12 +6331,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6332,17 +6344,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6353,24 +6365,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6381,12 +6393,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6399,7 +6411,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6411,17 +6423,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6429,49 +6441,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6479,28 +6491,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6512,7 +6524,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6520,7 +6532,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6528,39 +6540,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6570,7 +6582,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6578,26 +6590,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6606,7 +6618,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6614,31 +6626,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6651,51 +6663,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6704,12 +6716,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6725,12 +6737,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6739,14 +6751,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6755,24 +6767,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6780,19 +6792,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6801,7 +6813,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6809,7 +6821,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6818,7 +6830,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6826,22 +6838,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6851,14 +6863,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6871,12 +6883,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6886,31 +6898,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -6918,50 +6930,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -6970,74 +6982,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7048,7 +7060,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7056,58 +7068,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7115,12 +7127,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7143,12 +7155,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7156,43 +7168,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7200,14 +7212,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7217,19 +7229,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7237,7 +7249,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7245,106 +7257,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7353,59 +7365,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7414,22 +7426,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7438,14 +7450,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7453,7 +7465,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7466,7 +7478,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7474,19 +7486,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7502,13 +7514,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7563,7 +7575,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "OPÇÕES"
 
@@ -12422,7 +12434,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12554,7 +12566,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14298,19 +14310,24 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14318,12 +14335,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14337,7 +14354,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14345,7 +14362,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14354,10 +14371,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index ee55452ae4..8767f9eef1 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-09-24 08:39+0000\n"
 "Last-Translator: Elena Mishina <lepata@basealt.ru>\n"
 "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/"
@@ -262,10 +262,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -287,10 +287,10 @@ msgstr ""
 "игнорироваться."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -332,8 +332,8 @@ msgstr ""
 "на другие типы журнала)."
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -367,8 +367,8 @@ msgstr ""
 "завершит свою работу."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "По умолчанию: 10"
 
@@ -461,7 +461,7 @@ msgstr ""
 "Символ «/» использовать нельзя."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (строка)"
 
@@ -487,12 +487,12 @@ msgstr ""
 "разделе справки «РАЗДЕЛЫ ДОМЕНА»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -503,32 +503,32 @@ msgstr ""
 "создания полностью определённого имени из имени пользователя и имени домена."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "имя пользователя"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr "имя домена, указанное в файле конфигурации SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -538,7 +538,7 @@ msgstr ""
 "доверия IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -749,8 +749,8 @@ msgstr ""
 "параметр default_domain_suffix.  </phrase>"
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -1091,7 +1091,7 @@ msgstr ""
 "пользователей в разных доменах могут быть одинаковыми."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr "По умолчанию: не задано"
@@ -1129,18 +1129,27 @@ msgstr ""
 "чтобы избежать утечки паролей в открытом виде. Дополнительные сведения "
 "доступны на справочной странице prctl:PR_SET_DUMPABLE."
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr "passkey_verification (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr "user_verification (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
@@ -1150,7 +1159,7 @@ msgstr ""
 "запрашиваться всегда."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -1161,7 +1170,7 @@ msgstr ""
 "перезаписано сервером."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -1189,12 +1198,12 @@ msgstr ""
 "<quote>[sssd]</quote>. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "РАЗДЕЛЫ СЛУЖБ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -1207,22 +1216,22 @@ msgstr ""
 "раздел <quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "Общие параметры настройки служб"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "Эти параметры можно использовать для настройки любых служб."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1238,17 +1247,17 @@ msgstr ""
 "ограничением «hard» в limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "По умолчанию: 8192 (или ограничение «hard» в limits.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1263,17 +1272,17 @@ msgstr ""
 "на 10 секунд."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 msgid "Default: 60, KCM: 300"
 msgstr "По умолчанию: 60, KCM: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1291,7 +1300,7 @@ msgstr ""
 "следующей формуле:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
@@ -1300,7 +1309,7 @@ msgstr ""
 "offline_timeout_random_offset]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1312,7 +1321,7 @@ msgstr ""
 "количество секунд до следующей попытки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
@@ -1321,18 +1330,18 @@ msgstr ""
 "параметром offline_timeout_max (кроме случайной части)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "По умолчанию: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr "offline_timeout_max (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
@@ -1341,12 +1350,12 @@ msgstr ""
 "сеть после неудачных попыток восстановления подключения."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr "Значение «0» отключает использование приращения."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
@@ -1355,7 +1364,7 @@ msgstr ""
 "offline_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1369,7 +1378,7 @@ msgstr ""
 "4 раза превышать значение offline_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
@@ -1379,17 +1388,17 @@ msgstr ""
 "имеет практического смысла."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 msgid "Default: 3600"
 msgstr "По умолчанию: 3600"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr "offline_timeout_random_offset (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
@@ -1398,7 +1407,7 @@ msgstr ""
 "внутренним серверам через заданные промежутки времени:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
@@ -1408,27 +1417,27 @@ msgstr ""
 "случайное число, принадлежащее диапазону:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr "[0 - offline_timeout_random_offset]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr "Значение «0» отключает добавление случайной задержки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 msgid "Default: 30"
 msgstr "По умолчанию: 30"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr "responder_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1447,18 +1456,18 @@ msgstr ""
 "активируются с помощью сокетов или D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "По умолчанию: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr "cache_first"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
@@ -1467,12 +1476,12 @@ msgstr ""
 "опросом поставщиков данных."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr "Параметры настройки NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1480,12 +1489,12 @@ msgstr ""
 "(NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1494,17 +1503,17 @@ msgstr ""
 "пользователях) в кэше nss_sss в секундах"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "По умолчанию: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1515,7 +1524,7 @@ msgstr ""
 "значения entry_cache_timeout для домена."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1531,7 +1540,7 @@ msgstr ""
 "ожидании обновления кэша."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1545,17 +1554,17 @@ msgstr ""
 "значения «0» отключает эту возможность."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "По умолчанию: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1567,17 +1576,17 @@ msgstr ""
 "серверу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "По умолчанию: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr "local_negative_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1589,17 +1598,17 @@ msgstr ""
 "возможность."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr "По умолчанию: 14400 (4 часа)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1614,7 +1623,7 @@ msgstr ""
 "(UPN)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1628,17 +1637,17 @@ msgstr ""
 "отфильтрованной вложенной группы."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "По умолчанию: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1646,12 +1655,12 @@ msgstr ""
 "установите этот параметр в значение «false»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1660,7 +1669,7 @@ msgstr ""
 "явно не указан поставщиком данных домена."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1668,7 +1677,7 @@ msgstr ""
 "параметра override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1678,23 +1687,23 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "пример: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr "По умолчанию: не задано (без замен для незаданных домашних каталогов)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr "override_shell (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1706,19 +1715,19 @@ msgstr ""
 "домена отдельно."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "По умолчанию: не задано (SSSD будет использовать значение, полученное от "
 "LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1726,14 +1735,14 @@ msgstr ""
 "Порядок вычисления:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. Если оболочка присутствует в файле <quote>/etc/shells</quote>, будет "
 "использована она."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1742,7 +1751,7 @@ msgstr ""
 "etc/shells</quote>, использовать значение параметра shell_fallback."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1751,14 +1760,14 @@ msgstr ""
 "shells</quote>, будет использована оболочка, которая не требует входа."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 "Чтобы разрешить использование любой оболочки, можно использовать "
 "подстановочный знак (*)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1769,12 +1778,12 @@ msgstr ""
 "ведение списка всех разрешённых оболочек в allowed_shells было бы излишним."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "Пустая строка оболочки передаётся libc «как есть»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1783,28 +1792,28 @@ msgstr ""
 "Следовательно, в случае установки новой оболочки потребуется перезапуск SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "По умолчанию: не задано. Автоматически используется оболочка пользователя."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "Заменять все экземпляры этих оболочек на shell_fallback"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1812,17 +1821,17 @@ msgstr ""
 "оболочка не установлена на компьютере."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "По умолчанию: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1832,7 +1841,7 @@ msgstr ""
 "разделе [nss] или для каждого домена отдельно."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1841,12 +1850,12 @@ msgstr ""
 "положиться на libc в плане подстановки подходящего варианта, обычно /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1855,12 +1864,12 @@ msgstr ""
 "действительным."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr "memcache_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
@@ -1870,7 +1879,7 @@ msgstr ""
 "отключит кэш в памяти."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
@@ -1880,8 +1889,8 @@ msgstr ""
 "только для тестирования."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
@@ -1891,12 +1900,12 @@ msgstr ""
 "памяти."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr "memcache_size_passwd (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1907,13 +1916,13 @@ msgstr ""
 "памяти для запросов passwd."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr "По умолчанию: 8"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
@@ -1922,12 +1931,12 @@ msgstr ""
 "значительное негативное воздействие на производительность SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr "memcache_size_group (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1938,19 +1947,19 @@ msgstr ""
 "памяти для запросов group."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "По умолчанию: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr "memcache_size_initgroups (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1961,12 +1970,12 @@ msgstr ""
 "отключит кэш в памяти для запросов групп инициализации."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 msgid "memcache_size_sid (integer)"
 msgstr "memcache_size_sid (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1979,12 +1988,12 @@ msgstr ""
 "размера в значение «0» отключит кэш SID в памяти."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr "user_attributes (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -2001,7 +2010,7 @@ msgstr ""
 "manvolnum> </citerefentry>), но без стандартных значений."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
@@ -2010,17 +2019,17 @@ msgstr ""
 "ли он для ответчика NSS."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr "По умолчанию: не задано, использовать параметр InfoPipe"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr "pwfield (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
@@ -2029,12 +2038,12 @@ msgstr ""
 "вернут для поля <quote>password</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 msgid "Default: <quote>*</quote>"
 msgstr "По умолчанию: <quote>*</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
@@ -2043,7 +2052,7 @@ msgstr ""
 "что будет иметь приоритет над значением в разделе [nss]."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -2055,12 +2064,12 @@ msgstr ""
 "<quote>x</quote> (домен прокси с nss_files и целью sssd-shadowutils)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr "Параметры настройки PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -2069,12 +2078,12 @@ msgstr ""
 "проверки подлинности (PAM)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -2084,17 +2093,17 @@ msgstr ""
 "момента последнего успешного входа)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "По умолчанию: 0 (без ограничений)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -2103,12 +2112,12 @@ msgstr ""
 "режиме, сколько следует допускать неудачных попыток входа."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -2118,7 +2127,7 @@ msgstr ""
 "входа."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -2130,17 +2139,17 @@ msgstr ""
 "возможной, необходимо успешно пройти проверку подлинности в сетевом режиме."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "По умолчанию: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -2149,43 +2158,43 @@ msgstr ""
 "подлинности. Чем больше число, тем больше сообщений будет показано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr "В настоящее время sssd поддерживает следующие значения:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: не показывать никаких сообщений"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: показывать только важные сообщения"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: показывать информационные сообщения"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: показывать все сообщения и отладочную информацию"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "По умолчанию: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr "pam_response_filter (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -2199,7 +2208,7 @@ msgstr ""
 "установлены pam_sss)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
@@ -2208,37 +2217,37 @@ msgstr ""
 "параметр позволяет отфильтровать также и другие типы ответов."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr "ENV"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr "Не отправлять никаким службам никакие переменные среды."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr "ENV:var_name"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr "Не отправлять переменную среды var_name никаким службам."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr "ENV:var_name:service"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr "Не отправлять переменную среды var_name указанной службе."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -2247,7 +2256,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -2265,23 +2274,23 @@ msgstr ""
 "префикса только для части элементов списка считается ошибкой."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr "По умолчанию: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr "Пример: -ENV:KRB5CCNAME:sudo-i удалит фильтр из списка стандартных"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -2293,7 +2302,7 @@ msgstr ""
 "данные."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -2307,17 +2316,17 @@ msgstr ""
 "обменов данными с поставщиком данных идентификации."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr "Показать предупреждение за N дней до истечения срока действия пароля."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2328,7 +2337,7 @@ msgstr ""
 "сможет показать предупреждение."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -2338,7 +2347,7 @@ msgstr ""
 "показано автоматически."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -2347,18 +2356,18 @@ msgstr ""
 "<emphasis>pwd_expiration_warning</emphasis> для конкретного домена."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "По умолчанию: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -2373,12 +2382,12 @@ msgstr ""
 "quote>. Имена пользователей разрешаются в UID при запуске."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr "По умолчанию: все пользователи считаются доверенными по умолчанию"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
@@ -2387,12 +2396,12 @@ msgstr ""
 "если этот идентификатор пользователя отсутствует в списке pam_trusted_users."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
@@ -2401,12 +2410,12 @@ msgstr ""
 "недоверенных пользователей."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr "Для параметра pam_public_domains определены два специальных значения:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
@@ -2414,7 +2423,7 @@ msgstr ""
 "PAM)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
@@ -2423,19 +2432,19 @@ msgstr ""
 "PAM)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "По умолчанию: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
@@ -2444,7 +2453,7 @@ msgstr ""
 "которое заменит стандартное сообщение «Доступ запрещён»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
@@ -2454,7 +2463,7 @@ msgstr ""
 "(показывать все сообщения и отладочную информацию)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2464,12 +2473,12 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr "pam_account_locked_message (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
@@ -2478,7 +2487,7 @@ msgstr ""
 "стандартное сообщение «Доступ запрещён»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2488,46 +2497,46 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr "pam_passkey_auth (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr "Включить аутентификацию на основе ключа доступа."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "По умолчанию: true"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr "passkey_debug_libfido2 (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr "Включить отладочные сообщения библиотеки libfido2."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "По умолчанию: false"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr "pam_cert_auth (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2538,22 +2547,22 @@ msgstr ""
 "задержит процесс проверки подлинности, по умолчанию этот параметр отключён."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr "pam_cert_db_path (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr "Путь к базе данных сертификатов."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr "По умолчанию:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
@@ -2562,12 +2571,12 @@ msgstr ""
 "CA в формате PEM)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr "pam_cert_verification (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2582,7 +2591,7 @@ msgstr ""
 "<quote>certificate_verification</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2592,7 +2601,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
@@ -2602,24 +2611,24 @@ msgstr ""
 "quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr "p11_child_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 "Разрешённое количество секунд, в течение которого pam_sss ожидает завершения "
 "работы p11_child."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 msgid "passkey_child_timeout (integer)"
 msgstr "passkey_child_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
@@ -2627,12 +2636,12 @@ msgstr ""
 "завершения работы passkey_child."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr "pam_app_services (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
@@ -2641,12 +2650,12 @@ msgstr ""
 "типа <quote>application</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr "pam_p11_allowed_services (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
@@ -2655,7 +2664,7 @@ msgstr ""
 "использовать смарт-карты."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2665,7 +2674,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2684,63 +2693,63 @@ msgstr ""
 "конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr "По умолчанию: стандартный набор имён служб PAM включает:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr "login"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr "su"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr "su-l"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr "gdm-smartcard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr "gdm-password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr "kdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr "sudo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr "sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr "gnome-screensaver"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr "p11_wait_for_card_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2751,12 +2760,12 @@ msgstr ""
 "p11_child_timeout) ответчик PAM должен ожидать вставки смарт-карты."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr "p11_uri (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2774,7 +2783,7 @@ msgstr ""
 "чтения."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2784,7 +2793,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2794,7 +2803,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2808,17 +2817,17 @@ msgstr ""
 "URI PKCS#11."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr "pam_initgroups_scheme"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr "always"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
@@ -2826,12 +2835,12 @@ msgstr ""
 "pam_id_timeout всё равно применяется)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr "no_session"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
@@ -2840,12 +2849,12 @@ msgstr ""
 "то есть тогда, когда пользователь не находится в системе"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr "never"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
@@ -2854,7 +2863,7 @@ msgstr ""
 "до тех пор, пока они не устареют"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2867,17 +2876,17 @@ msgstr ""
 "допустимые значения: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr "По умолчанию: no_session"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr "pam_gssapi_services"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
@@ -2886,7 +2895,7 @@ msgstr ""
 "проверку подлинности по GSSAPI с помощью модуля pam_sss_gss.so."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
@@ -2894,7 +2903,7 @@ msgstr ""
 "параметр в значение <quote>-</quote> (дефис)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2906,7 +2915,7 @@ msgstr ""
 "в разделе домена."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2916,22 +2925,22 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Пример: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr "По умолчанию: - (проверка подлинности с помощью GSSAPI отключена)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr "pam_gssapi_check_upn"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2943,7 +2952,7 @@ msgstr ""
 "такой привязки нет, проверка подлинности завершится ошибкой."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
@@ -2952,12 +2961,12 @@ msgstr ""
 "пользователей, получивших необходимый билет службы."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr "pam_gssapi_indicators_map"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2969,7 +2978,7 @@ msgstr ""
 "pam_sss_gss.so."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2996,7 +3005,7 @@ msgstr ""
 "доступ."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -3008,7 +3017,7 @@ msgstr ""
 "<quote>service:-</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
@@ -3017,7 +3026,7 @@ msgstr ""
 "индикаторов проверки подлинности:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
@@ -3026,7 +3035,7 @@ msgstr ""
 "которые хранятся в файлах или на смарт-картах."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
@@ -3035,13 +3044,13 @@ msgstr ""
 "предварительная проверка подлинности, помещённая в канал FAST."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 "radius — предварительная проверка подлинности с помощью сервера RADIUS."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
@@ -3050,14 +3059,14 @@ msgstr ""
 "двухфакторной аутентификации (2FA или одноразовый пароль, OTP) в IPA."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 "idp -- предварительная аутентификация с использованием внешнего поставщика "
 "удостоверений."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -3067,7 +3076,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -3079,19 +3088,19 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 "По умолчанию: не задано (использование индикаторов проверки подлинности не "
 "требуется)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr "Параметры настройки SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -3108,12 +3117,12 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -3122,12 +3131,12 @@ msgstr ""
 "предназначенные для определения временных ограничений для записей sudoers."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr "sudo_threshold (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -3143,22 +3152,22 @@ msgstr ""
 "к поискам команд и групп команд sudo IPA."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr "Параметры настройки AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr "Эти параметры можно использовать для настройки службы autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -3169,22 +3178,22 @@ msgstr ""
 "например, несуществующих) перед повторным запросом к внутреннему серверу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr "Параметры настройки SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr "Эти параметры можно использовать для настройки службы SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -3192,12 +3201,12 @@ msgstr ""
 "Следует ли хэшировать имена и адреса узлов в управляемом файле known_hosts."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -3206,17 +3215,17 @@ msgstr ""
 "управляемом файле known_hosts после запроса ключей этого узла."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr "По умолчанию: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr "ssh_use_certificate_keys (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -3230,12 +3239,12 @@ msgstr ""
 "<manvolnum>1</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr "ssh_use_certificate_matching_rules (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -3251,7 +3260,7 @@ msgstr ""
 "другие правила будут игнорироваться."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -3263,7 +3272,7 @@ msgstr ""
 "ключи SSH будут создаваться на основе всех действительных сертификатов."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -3277,7 +3286,7 @@ msgstr ""
 "подлинности сертификатов."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
@@ -3286,7 +3295,7 @@ msgstr ""
 "выбрано ни одного правила, все сертификаты будут проигнорированы."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
@@ -3295,12 +3304,12 @@ msgstr ""
 "правила или правило по умолчанию"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr "ca_db (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
@@ -3310,12 +3319,12 @@ msgstr ""
 "SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr "Параметры настройки ответчика PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -3333,7 +3342,7 @@ msgstr ""
 "обрабатывается, выполняются некоторые из следующих операций:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -3350,7 +3359,7 @@ msgstr ""
 "можно переопределить с помощью параметра default_shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -3359,17 +3368,17 @@ msgstr ""
 "добавлен в эти группы."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr "Эти параметры можно использовать для настройки ответчика PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -3380,7 +3389,7 @@ msgstr ""
 "запуске."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
@@ -3389,13 +3398,13 @@ msgstr ""
 "root и пользователям службы SSSD)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "По умолчанию: 0 (доступ к ответчику PAC разрешён только пользователю root)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -3408,7 +3417,7 @@ msgstr ""
 "случай), необходимо явно добавить их в список разрешенных UID."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -3422,12 +3431,12 @@ msgstr ""
 "доступ."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr "pac_lifetime (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
@@ -3436,12 +3445,12 @@ msgstr ""
 "PAC можно использовать для определения участия пользователя в группах."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr "pac_check (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -3459,12 +3468,12 @@ msgstr ""
 "пропущена."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr "no_check"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
@@ -3473,12 +3482,12 @@ msgstr ""
 "проверки выполняться не будут."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr "pac_present"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -3489,12 +3498,12 @@ msgstr ""
 "ошибкой."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr "check_upn"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
@@ -3503,12 +3512,12 @@ msgstr ""
 "пользователя (UPN) верна."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr "check_upn_allow_missing"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -3528,7 +3537,7 @@ msgstr ""
 "устанавливать 'ldap_user_principal'."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -3545,24 +3554,24 @@ msgstr ""
 "пропуску проверки и сообщение не появится в журнале."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr "upn_dns_info_present"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 "PAC должен содержать буфер UPN-DNS-INFO, неявным образом устанавливает "
 "'check_upn'."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr "check_upn_dns_info_ex"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
@@ -3571,12 +3580,12 @@ msgstr ""
 "согласованы ли данные в расширении."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr "upn_dns_info_ex_present"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
@@ -3585,7 +3594,7 @@ msgstr ""
 "устанавливает 'check_upn_dns_info_ex', 'upn_dns_info_present' и 'check_upn'."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -3594,7 +3603,7 @@ msgstr ""
 "запятыми списка: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
@@ -3603,12 +3612,12 @@ msgstr ""
 "check_upn_allow_missing, check_upn_dns_info_ex')"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr "Параметры настройки записи сеансов"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -3624,32 +3633,32 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr "Эти параметры можно использовать для настройки записи сеансов."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr "scope (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr "«none»"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr "Пользователи не записываются."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr "«some»"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
@@ -3658,17 +3667,17 @@ msgstr ""
 "<replaceable>users</replaceable> и <replaceable>groups</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr "«all»"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr "Записываются все пользователи."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -3677,17 +3686,17 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr "По умолчанию: «none»"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr "users (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3699,17 +3708,17 @@ msgstr ""
 "так далее."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr "По умолчанию: пусто. Не соответствует ни одному пользователю."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr "groups (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3720,7 +3729,7 @@ msgstr ""
 "NSS, то есть после возможной замены пробелов, смены регистра и так далее."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3733,17 +3742,17 @@ msgstr ""
 "установление соответствия групп, участником которых он является."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr "По умолчанию: пусто. Не соответствует ни одной группе."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr "exclude_users (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
@@ -3752,17 +3761,17 @@ msgstr ""
 "применимо только при «scope=all»."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr "По умолчанию: пусто. Не исключается ни один пользователь."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr "exclude_groups (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
@@ -3771,23 +3780,23 @@ msgstr ""
 "применимо только при «scope=all»."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr "По умолчанию: пусто. Не исключается ни одна группа."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "РАЗДЕЛЫ ДОМЕНА"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr "enabled"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3802,12 +3811,12 @@ msgstr ""
 "параметра domains в разделе <quote>[sssd]</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr "domain_type (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3820,7 +3829,7 @@ msgstr ""
 "операционной системы доступны только объекты из доменов POSIX."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
@@ -3829,7 +3838,7 @@ msgstr ""
 "<quote>application</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3841,7 +3850,7 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) и ответчика PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
@@ -3850,7 +3859,7 @@ msgstr ""
 "с <quote>id_provider=ldap</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
@@ -3859,17 +3868,17 @@ msgstr ""
 "<quote>Домены приложений</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr "По умолчанию: posix"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -3878,7 +3887,7 @@ msgstr ""
 "находящуюся вне указанного диапазона, она будет проигнорирована."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3892,7 +3901,7 @@ msgstr ""
 "группы, будут выведены в обычном режиме."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -3901,17 +3910,17 @@ msgstr ""
 "кэш, а не только на их возврат по имени или идентификатору."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "По умолчанию: 1 для min_id, 0 (без ограничений) для max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr "enumerate (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3924,22 +3933,22 @@ msgstr ""
 "вторичных групп. Этот параметр может иметь одно из следующих значений:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = пользователи и группы перечисляются"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = для этого домена не выполняется перечисление"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "По умолчанию: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
@@ -3948,7 +3957,7 @@ msgstr ""
 "сохранить ВСЕ записи пользователей и групп с удалённого сервера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
@@ -3957,7 +3966,7 @@ msgstr ""
 "id_provider = proxy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3981,7 +3990,7 @@ msgstr ""
 "перезапущен внутренним сторожевым таймером."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -3990,7 +3999,7 @@ msgstr ""
 "или групп могут не вернуть результатов до момента завершения перечисления."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -4004,7 +4013,7 @@ msgstr ""
 "идентификаторов (id_provider)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -4013,7 +4022,7 @@ msgstr ""
 "средах большого размера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -4025,32 +4034,32 @@ msgstr ""
 "этой конфигурации."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Выполнить перечисление для всех обнаруженных доверенных доменов"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Не выполнять перечисление для обнаруженных доверенных доменов"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -4064,12 +4073,12 @@ msgstr ""
 "только для них."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -4078,7 +4087,7 @@ msgstr ""
 "действительными, прежде чем снова обратиться к внутреннему серверу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -4095,17 +4104,17 @@ msgstr ""
 "уже были кэшированы."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "По умолчанию: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -4115,19 +4124,19 @@ msgstr ""
 "серверу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr "По умолчанию: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -4136,12 +4145,12 @@ msgstr ""
 "действительными, прежде чем снова обратиться к внутреннему серверу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -4150,12 +4159,12 @@ msgstr ""
 "групп действительными, прежде чем снова обратиться к внутреннему серверу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -4164,12 +4173,12 @@ msgstr ""
 "действительными, прежде чем снова обратиться к внутреннему серверу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr "entry_cache_resolver_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
@@ -4178,12 +4187,12 @@ msgstr ""
 "сетей действительными, прежде чем снова обратиться к внутреннему серверу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -4192,12 +4201,12 @@ msgstr ""
 "действительными, прежде чем снова обратиться к внутреннему серверу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -4207,12 +4216,12 @@ msgstr ""
 "внутреннему серверу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -4222,12 +4231,12 @@ msgstr ""
 "узла в кэше."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr "entry_cache_computer_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
@@ -4236,12 +4245,12 @@ msgstr ""
 "компьютера, прежде чем снова обратиться к внутреннему серверу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -4250,7 +4259,7 @@ msgstr ""
 "обновления всех устаревших или почти устаревших записей."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -4264,18 +4273,18 @@ msgstr ""
 "пользователя в группах, обычно выполняется при запуске)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr "Этот параметр автоматически наследуется для всех доверенных доменов."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Рекомендуется установить это значение равным 3/4 * entry_cache_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -4296,18 +4305,18 @@ msgstr ""
 "существующего кэша."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr "По умолчанию: 0 (отключено)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -4324,7 +4333,7 @@ msgstr ""
 "аутентификация записывается в кэш без дополнительной настройки."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -4338,12 +4347,12 @@ msgstr ""
 "пароль с помощью атаки грубой силы."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr "cache_credentials_minimal_first_factor_length (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -4355,7 +4364,7 @@ msgstr ""
 "сохранён в формате контрольной суммы SHA512 в кэше."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
@@ -4365,12 +4374,12 @@ msgstr ""
 "мишенью для атак методом подбора."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -4383,17 +4392,17 @@ msgstr ""
 "быть больше или равно значению offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "По умолчанию: 0 (без ограничений)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -4406,17 +4415,17 @@ msgstr ""
 "настроить поставщика данных проверки подлинности."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "По умолчанию: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr "id_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -4424,12 +4433,12 @@ msgstr ""
 "Поддерживаемые поставщики ID:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr "<quote>proxy</quote>: поддержка устаревшего поставщика NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -4441,7 +4450,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -4452,8 +4461,8 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4465,8 +4474,8 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4477,12 +4486,12 @@ msgstr ""
 "ad</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -4491,7 +4500,7 @@ msgstr ""
 "домена) в качестве имени для входа пользователя, которое сообщается NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -4505,7 +4514,7 @@ msgstr ""
 "passwd test@LOCAL</command> получится это сделать."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -4516,7 +4525,7 @@ msgstr ""
 "групп выполняется поиск во всех доменах, когда запрашивается неполное имя."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
@@ -4525,17 +4534,17 @@ msgstr ""
 "использования default_domain_suffix)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr "Не возвращать участников групп для поиска групп."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -4554,7 +4563,7 @@ msgstr ""
 "запрошенную группу так, как будто она пуста."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -4565,11 +4574,11 @@ msgstr ""
 "количество участников)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
@@ -4578,12 +4587,12 @@ msgstr ""
 "унаследован с помощью <emphasis>subdomain_inherit</emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr "auth_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -4592,7 +4601,7 @@ msgstr ""
 "Поддерживаемые поставщики данных для проверки подлинности:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4603,7 +4612,7 @@ msgstr ""
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4615,7 +4624,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -4623,12 +4632,12 @@ msgstr ""
 "PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> — явно отключить проверку подлинности."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -4637,12 +4646,12 @@ msgstr ""
 "задан и поддерживает обработку запросов проверки подлинности."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr "access_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -4653,7 +4662,7 @@ msgstr ""
 "включены в установленные внутренние серверы). Внутренние особые поставщики:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -4662,12 +4671,12 @@ msgstr ""
 "разрешённого доступа для локального домена."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> — всегда отказывать в доступе."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -4680,7 +4689,7 @@ msgstr ""
 "<manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -4691,23 +4700,23 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 "<quote>proxy</quote> — передать управление доступом другому модулю PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr "По умолчанию: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -4716,7 +4725,7 @@ msgstr ""
 "домена. Поддерживаемые поставщики данных смены пароля:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4727,7 +4736,7 @@ msgstr ""
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4738,19 +4747,19 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 "<quote>proxy</quote> — передать смену пароля какой-либо другой цели PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> — явно запретить смену пароля."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -4759,19 +4768,19 @@ msgstr ""
 "задан и поддерживает обработку запросов смены пароля."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "Поставщик данных SUDO, который используется для домена. Поддерживаемые "
 "поставщики данных SUDO:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4782,7 +4791,7 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -4791,7 +4800,7 @@ msgstr ""
 "параметрами IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -4800,20 +4809,20 @@ msgstr ""
 "параметрами AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> — явно отключить SUDO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "По умолчанию: использовать значение <quote>id_provider</quote>, если этот "
 "параметр задан."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -4831,7 +4840,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -4845,12 +4854,12 @@ msgstr ""
 "планируется использовать sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -4861,7 +4870,7 @@ msgstr ""
 "работы поставщика доступа. Поддерживаемые поставщики данных SELinux:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4872,12 +4881,12 @@ msgstr ""
 "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr "<quote>none</quote> — явно отключает получение параметров SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -4886,12 +4895,12 @@ msgstr ""
 "задан и поддерживает обработку запросов загрузки параметров SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -4901,7 +4910,7 @@ msgstr ""
 "Поддерживаемые поставщики данных поддоменов:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4912,7 +4921,7 @@ msgstr ""
 "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -4925,17 +4934,17 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "<quote>none</quote> — явно отключает получение данных поддоменов."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr "session_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4947,14 +4956,14 @@ msgstr ""
 "Commander (работает только c IPA). Поддерживаемые поставщики данных сеансов:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 "<quote>ipa</quote> — разрешить выполнение заданий, связанных с сеансами "
 "пользователей."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
@@ -4962,7 +4971,7 @@ msgstr ""
 "пользователей."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
@@ -4971,12 +4980,12 @@ msgstr ""
 "задан и поддерживает выполнение заданий, связанных с сеансами."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -4984,7 +4993,7 @@ msgstr ""
 "поставщики данных autofs:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4995,7 +5004,7 @@ msgstr ""
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5006,7 +5015,7 @@ msgstr ""
 "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5018,17 +5027,17 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> — явно отключить autofs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -5037,7 +5046,7 @@ msgstr ""
 "узла. Поддерживаемые поставщики hostid:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -5049,17 +5058,17 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> — явно отключить hostid."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr "resolver_provider (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
@@ -5068,7 +5077,7 @@ msgstr ""
 "Поддерживаемые поставщики данных сопоставления:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
@@ -5077,7 +5086,7 @@ msgstr ""
 "NSS. См. <quote>proxy_resolver_lib_name</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -5089,7 +5098,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -5102,12 +5111,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr "<quote>none</quote> — явно отключает получение записей узлов и сетей."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -5122,7 +5131,7 @@ msgstr ""
 "домена."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
@@ -5132,17 +5141,17 @@ msgstr ""
 "пользователей:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -5155,12 +5164,12 @@ msgstr ""
 "назначать три разных стиля записи имён пользователей:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr "domain\\username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -5169,7 +5178,7 @@ msgstr ""
 "обеспечения простой интеграции пользователей из доменов Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -5185,17 +5194,17 @@ msgstr ""
 "создать собственное re_expression."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "По умолчанию: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -5204,46 +5213,46 @@ msgstr ""
 "следует использовать при выполнении запросов DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr "Поддерживаемые значения:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: попытаться найти адрес IPv4, в случае неудачи попытаться найти "
 "адрес IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: пытаться разрешать имена узлов только в адреса IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: попытаться найти адрес IPv6, в случае неудачи попытаться найти "
 "адрес IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: пытаться разрешать имена узлов только в адреса IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr "По умолчанию: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_server_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
@@ -5253,7 +5262,7 @@ msgstr ""
 "следующему."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
@@ -5261,7 +5270,7 @@ msgstr ""
 "времени проверки связи CLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
@@ -5270,17 +5279,17 @@ msgstr ""
 "<quote>ОБРАБОТКА ОТКАЗА</quote>."
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr "По умолчанию: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_op_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -5292,17 +5301,17 @@ msgstr ""
 "следующего DNS."
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "По умолчанию: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -5315,12 +5324,12 @@ msgstr ""
 "работу в автономном режиме."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_use_search_list (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -5331,7 +5340,7 @@ msgstr ""
 "средах с неправильно настроенным DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -5342,17 +5351,17 @@ msgstr ""
 "запросы DNS в таких средах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "По умолчанию: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -5361,17 +5370,17 @@ msgstr ""
 "доменную часть запроса обнаружения служб DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "По умолчанию: использовать доменную часть имени узла компьютера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 msgid "failover_primary_timeout (integer)"
 msgstr "failover_primary_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -5382,59 +5391,59 @@ msgstr ""
 "повторного подключения к основному серверу."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr "Примечание: минимальное значение — 31."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 msgid "Default: 31"
 msgstr "По умолчанию: 31"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr "override_gid (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr "Переопределить значение основного GID указанным значением."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 "С учётом регистра. Это значение не является корректным для поставщика данных "
 "AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr "Без учёта регистра."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr "Preserving"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -5446,7 +5455,7 @@ msgstr ""
 "регистр в выведенных данных."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
@@ -5456,7 +5465,7 @@ msgstr ""
 "на сервере."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -5465,17 +5474,17 @@ msgstr ""
 "значения: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr "По умолчанию: True (False для поставщика данных AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -5487,47 +5496,47 @@ msgstr ""
 "параметров:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr "ldap_search_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr "ldap_network_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr "ldap_opt_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 msgid "ldap_offline_timeout"
 msgstr "ldap_offline_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "ldap_enumeration_refresh_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr "ldap_enumeration_refresh_offset"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr "ldap_purge_cache_offset"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
@@ -5536,57 +5545,57 @@ msgstr ""
 "ldap_krb5_keytab не задан явно)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr "ldap_krb5_ticket_lifetime"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 msgid "ldap_enumeration_search_timeout"
 msgstr "ldap_enumeration_search_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 msgid "ldap_connection_expire_timeout"
 msgstr "ldap_connection_expire_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 msgid "ldap_connection_expire_offset"
 msgstr "ldap_connection_expire_offset"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr "ldap_connection_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr "auto_private_groups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr "case_sensitive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -5596,28 +5605,28 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 "Примечание: этот параметр работает только для поставщиков данных IPA и AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "плоское (NetBIOS) имя поддомена."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -5633,7 +5642,7 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -5641,29 +5650,29 @@ msgstr ""
 "<emphasis>override_homedir</emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "По умолчанию: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 "Различные метки, сохранённые службой настройки realmd для этого домена."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr "cached_auth_timeout (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -5677,7 +5686,7 @@ msgstr ""
 "сетевом режиме."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
@@ -5687,12 +5696,12 @@ msgstr ""
 "значения."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr "Специальное значение «0» подразумевает, что эта возможность отключена."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -5703,12 +5712,12 @@ msgstr ""
 "обработки <quote>initgroups.</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 msgid "local_auth_policy (string)"
 msgstr "local_auth_policy (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -5728,7 +5737,7 @@ msgstr ""
 "и проверяются локально."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -5748,7 +5757,7 @@ msgstr ""
 "разделены запятыми, например, <quote>enable:passkey, enable:smartcard</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -5760,42 +5769,42 @@ msgstr ""
 "local_auth_policy: <quote>match</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 msgid "local_auth_policy = match (default)"
 msgstr "local_auth_policy = match (по умолчанию)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr "Ключ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr "Смарт-карта"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr "IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr "AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr "выключено"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr "LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -5808,7 +5817,7 @@ msgstr ""
 "е., например, вместо запроса пароля будет предложено ввести PIN-код."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -5824,7 +5833,7 @@ msgstr ""
 "local_auth_policy = only\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -5836,7 +5845,7 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
@@ -5846,22 +5855,22 @@ msgstr ""
 "помощью смарт-карты."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 msgid "Default: match"
 msgstr "По умолчанию: match"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr "auto_private_groups (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr "true"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
@@ -5870,7 +5879,7 @@ msgstr ""
 "UID пользователя. Номер GID в этом случае игнорируется."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -5884,12 +5893,12 @@ msgstr ""
 "пространстве идентификаторов."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr "false"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
@@ -5898,12 +5907,12 @@ msgstr ""
 "ссылаться на объект группы в базе данных LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr "hybrid"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -5918,7 +5927,7 @@ msgstr ""
 "основной GID этого пользователя разрешается в этот объект группы."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
@@ -5927,7 +5936,7 @@ msgstr ""
 "группы; в ином случае GID просто будет невозможно разрешить."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -5938,7 +5947,7 @@ msgstr ""
 "сохранить существующие закрытые группы пользователей."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -5947,7 +5956,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
@@ -5957,7 +5966,7 @@ msgstr ""
 "поддоменов, которые используют автоматическое сопоставление идентификаторов."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -5967,7 +5976,7 @@ msgstr ""
 "auto_private_groups = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -5979,7 +5988,7 @@ msgstr ""
 "auto_private_groups = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -5993,7 +6002,7 @@ msgstr ""
 "type=\"programlisting\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -6004,17 +6013,17 @@ msgstr ""
 "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr "Цель, которой пересылает данные прокси PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -6026,12 +6035,12 @@ msgstr ""
 "local_auth_policy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -6042,12 +6051,12 @@ msgstr ""
 "_nss_$(libName)_$(function), например: _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr "proxy_resolver_lib_name (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -6058,12 +6067,12 @@ msgstr ""
 "вид _nss_$(libName)_$(function), например: _nss_dns_gethostbyname2_r."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -6077,12 +6086,12 @@ msgstr ""
 "идентификатора в кэше в целях ускорения предоставления результатов."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr "proxy_max_children (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -6094,7 +6103,7 @@ msgstr ""
 "постановки запросов в очередь."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -6103,12 +6112,12 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr "Домены приложений"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -6137,7 +6146,7 @@ msgstr ""
 "традиционного домена SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -6148,17 +6157,17 @@ msgstr ""
 "порядок поиска для домена приложений и его родственного домена POSIX."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr "Параметры доменов приложений"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr "inherit_from (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -6171,7 +6180,7 @@ msgstr ""
 "<quote>родственного</quote> домена."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -6186,7 +6195,7 @@ msgstr ""
 "атрибут phone доступным через интерфейс D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -6220,12 +6229,12 @@ msgstr ""
 "ldap_user_extra_attrs = phone:telephoneNumber\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr "РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -6243,57 +6252,57 @@ msgstr ""
 "поддерживаются следующие параметры:"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr "ldap_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr "ldap_user_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr "ldap_group_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr "ldap_netgroup_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr "ldap_service_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr "ldap_sasl_mech,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr "ad_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr "ad_backup_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr "ad_site,"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr "use_fully_qualified_names"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
@@ -6302,12 +6311,12 @@ msgstr ""
 "справочной странице."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr "РАЗДЕЛ СОПОСТАВЛЕНИЯ СЕРТИФИКАТОВ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -6330,7 +6339,7 @@ msgstr ""
 "проверки подлинности."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -6341,7 +6350,7 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>)."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -6354,12 +6363,12 @@ msgstr ""
 "replaceable>]</quote>. В этом разделе допустимы следующие параметры:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr "matchrule (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
@@ -6368,7 +6377,7 @@ msgstr ""
 "соответствуют этому правилу. Все остальные будут игнорироваться."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
@@ -6378,17 +6387,17 @@ msgstr ""
 "<quote>clientAuth</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr "maprule (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr "Определяет способ поиска пользователя для указанного сертификата."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
@@ -6398,7 +6407,7 @@ msgstr ""
 "quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -6406,12 +6415,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr "domains (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -6424,17 +6433,17 @@ msgstr ""
 "параметра можно добавить правило также и в поддомены."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr "По умолчанию: настроенный домен в sssd.conf"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr "priority (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -6445,12 +6454,12 @@ msgstr ""
 "приоритет, а <quote>4294967295</quote> — самый низкий."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr "По умолчанию: самый низкий приоритет"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
@@ -6460,7 +6469,7 @@ msgstr ""
 "свойства:"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
@@ -6469,7 +6478,7 @@ msgstr ""
 "RULE_NAME"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -6482,17 +6491,17 @@ msgstr ""
 "<quote>({subject_rfc822_name.short_name})</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr "параметр <quote>domains</quote> игнорируется"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr "РАЗДЕЛ НАСТРОЙКИ ЗАПРОСОВ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -6507,7 +6516,7 @@ msgstr ""
 "запросит у пользователя соответствующие учётные данные."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -6520,22 +6529,22 @@ msgstr ""
 "Следующие параметры обеспечивают более гибкую настройку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr "[prompting/password]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr "password_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr "изменить строку запроса пароля"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -6544,37 +6553,37 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr "[prompting/2fa]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr "first_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr "изменить строку запроса первого фактора"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr "second_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr "изменить строку запроса второго фактора"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr "single_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -6587,7 +6596,7 @@ msgstr ""
 "фактора, даже если второй фактор является необязательным."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -6600,7 +6609,7 @@ msgstr ""
 "пароль, либо оба фактора, следует использовать двухэтапный запрос."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -6611,17 +6620,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr "[prompting/passkey]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr "interactive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -6632,22 +6641,22 @@ msgstr ""
 "тактильного переключателя."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr "interactive_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr "изменить сообщение интерактивного запроса."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr "touch"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
@@ -6656,17 +6665,17 @@ msgstr ""
 "пользователю о необходимости коснуться устройства."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr "touch_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr "изменить сообщение запроса касания."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -6675,7 +6684,7 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -6689,7 +6698,7 @@ msgstr ""
 "type=\"variablelist\" id=\"2\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -6700,12 +6709,12 @@ msgstr ""
 "конкретно для этой службы."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr "ПРИМЕРЫ"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -6757,7 +6766,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -6769,7 +6778,7 @@ msgstr ""
 "документации. <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -6779,7 +6788,7 @@ msgstr ""
 "use_fully_qualified_names = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -6796,7 +6805,7 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -6812,7 +6821,7 @@ msgstr ""
 "priority = 10\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -7544,7 +7553,7 @@ msgstr ""
 "параметра <emphasis>ldap_connection_expire_offset</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr "По умолчанию: 900 (15 минут)"
 
@@ -7649,12 +7658,22 @@ msgstr "Отключить получение диапазонов Active Direct
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
-msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+#, fuzzy
+#| msgid ""
+#| "Active Directory limits the number of members to be retrieved in a single "
+#| "lookup using the MaxValRange policy (which defaults to 1500 members). If "
+#| "a group contains more members, the reply would include an AD-specific "
+#| "range extension. This option disables parsing of the range extension, "
+#| "therefore large groups will appear as having no members."
+msgid ""
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 "Active Directory ограничивает количество участников, которые могут быть "
 "получены за один поиск, с помощью политики MaxValRange (значение по "
@@ -7664,12 +7683,12 @@ msgstr ""
 "большие группы будут показаны как группы без участников."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -7680,19 +7699,19 @@ msgstr ""
 "Значение этого параметра определяется OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 "По умолчанию: использовать стандартное системное значение (обычно "
 "указывается в ldap.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr "ldap_sasl_maxssf (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -7703,12 +7722,12 @@ msgstr ""
 "Значение этого параметра определяется OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -7720,7 +7739,7 @@ msgstr ""
 "для каждого из них по отдельности."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -7737,7 +7756,7 @@ msgstr ""
 "поддерживает его и объявляет управление разыменованием в объекте rootDSE."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -7750,7 +7769,7 @@ msgstr ""
 "OpenLDAP и Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -7761,12 +7780,12 @@ msgstr ""
 "независимо от значения этого параметра."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr "ldap_ignore_unreadable_references (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -7778,7 +7797,7 @@ msgstr ""
 "игнорирования нечитаемой записи."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -7790,12 +7809,12 @@ msgstr ""
 "безопасности."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -7804,7 +7823,7 @@ msgstr ""
 "в сеансе TLS, если это требуется. Можно указать одно из следующих значений:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -7813,7 +7832,7 @@ msgstr ""
 "сертификаты сервера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7825,7 +7844,7 @@ msgstr ""
 "продолжится в обычном режиме."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7836,7 +7855,7 @@ msgstr ""
 "предоставлен ошибочный сертификат, сеанс немедленно будет завершён."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -7847,22 +7866,22 @@ msgstr ""
 "немедленно будет завершён."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = аналогично <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr "По умолчанию: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -7871,7 +7890,7 @@ msgstr ""
 "сертификации, которые распознаются <command>sssd</command>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -7880,12 +7899,12 @@ msgstr ""
 "хранятся в <filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 #, fuzzy
 #| msgid ""
 #| "Specifies the path of a directory that contains Certificate Authority "
@@ -7906,32 +7925,32 @@ msgstr ""
 "использовать команду <command>cacertdir_rehash</command>, если она доступна."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr "Позволяет указать файл, который содержит сертификат для ключа клиента."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr "Позволяет указать файл, который содержит ключ клиента."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -7943,12 +7962,12 @@ msgstr ""
 "<manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -7960,12 +7979,12 @@ msgstr ""
 "<emphasis>true</emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -7977,19 +7996,19 @@ msgstr ""
 "ldap_group_gid_number."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "В настоящее время эта функциональная возможность поддерживает только "
 "сопоставление objectSID Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr "ldap_min_id, ldap_max_id (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -8009,17 +8028,17 @@ msgstr ""
 "другие диапазоны для сопоставления идентификаторов."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr "По умолчанию: не задано (оба параметра установлены в значение 0)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
@@ -8028,7 +8047,7 @@ msgstr ""
 "время протестированы и поддерживаются только GSSAPI и GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -8046,12 +8065,12 @@ msgstr ""
 "manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -8071,7 +8090,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -8091,17 +8110,17 @@ msgstr ""
 "найдены, возвращается первый участник из таблицы ключей."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr "По умолчанию: host/hostname@REALM"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -8112,17 +8131,17 @@ msgstr ""
 "ldap_sasl_authid также содержит область, этот параметр игнорируется."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr "По умолчанию: значение krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -8132,36 +8151,36 @@ msgstr ""
 "привязки SASL."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "По умолчанию: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 "Позволяет указать таблицу ключей, которую следует использовать при "
 "использовании проверки подлинности с помощью SASL/GSSAPI/GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "По умолчанию: системная таблица ключей, обычно <filename>/etc/krb5.keytab</"
 "filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -8172,12 +8191,12 @@ msgstr ""
 "используется SASL и выбран механизм GSSAPI или GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
@@ -8185,17 +8204,17 @@ msgstr ""
 "GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "По умолчанию: 86400 (24 часа)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -8214,7 +8233,7 @@ msgstr ""
 "сведения доступны в разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -8226,7 +8245,7 @@ msgstr ""
 "в которых в качестве протокола указан _tcp."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -8237,31 +8256,31 @@ msgstr ""
 "перейти на использование <quote>krb5_server</quote> в файлах конфигурации."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 "Позволяет указать область Kerberos (для проверки подлинности с помощью SASL/"
 "GSSAPI/GSS-SPNEGO)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "По умолчанию: стандартные параметры системы, см. <filename>/etc/krb5.conf</"
 "filename>"
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -8271,12 +8290,12 @@ msgstr ""
 ">= 1.7"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -8291,7 +8310,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -8302,12 +8321,12 @@ msgstr ""
 "<manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -8316,7 +8335,7 @@ msgstr ""
 "клиента. Допускаются следующие значения:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -8325,7 +8344,7 @@ msgstr ""
 "параметра нельзя отключить политики паролей на стороне сервера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -8338,7 +8357,7 @@ msgstr ""
 "пароля. См. также опцию «ldap_chpass_update_last_change»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -8350,7 +8369,7 @@ msgstr ""
 "chpass_provider=krb5."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
@@ -8360,18 +8379,18 @@ msgstr ""
 "этого параметра."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 "Позволяет указать, следует ли включить автоматическое прослеживание ссылок."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -8380,7 +8399,7 @@ msgstr ""
 "случае, если сервис собран с OpenLDAP версии 2.4.13 или выше."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -8402,29 +8421,29 @@ msgstr ""
 "домена AD, это не позволило бы получить дополнительные данные."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Позволяет указать имя службы, которое будет использоваться, когда включено "
 "обнаружение служб."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr "По умолчанию: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -8433,17 +8452,17 @@ msgstr ""
 "менять пароль, когда включено обнаружение служб."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "По умолчанию: не задано, то есть обнаружение служб отключено"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -8452,7 +8471,7 @@ msgstr ""
 "данными о количестве дней с момента выполнения действия по смены пароля."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -8465,12 +8484,12 @@ msgstr ""
 "SSSD должен обновить его."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -8499,12 +8518,12 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Пример:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -8516,7 +8535,7 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
@@ -8525,7 +8544,7 @@ msgstr ""
 "атрибут employeeType которых установлен в значение «admin»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -8540,17 +8559,17 @@ msgstr ""
 "в автономном режиме."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr "По умолчанию: пусто"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -8559,7 +8578,7 @@ msgstr ""
 "доступом на стороне клиента."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -8570,12 +8589,12 @@ msgstr ""
 "соответствующим кодом ошибки, даже если пароль верен."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr "Допускаются следующие значения:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -8584,7 +8603,7 @@ msgstr ""
 "для определения того, не истёк ли срок действия учётной записи."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -8597,7 +8616,7 @@ msgstr ""
 "не истёк ли срок действия учётной записи."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -8608,7 +8627,7 @@ msgstr ""
 "разрешён ли доступ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -8621,7 +8640,7 @@ msgstr ""
 "Если все атрибуты отсутствуют, доступ предоставляется."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -8632,24 +8651,24 @@ msgstr ""
 "использовать параметр ldap_account_expire_policy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Разделённый запятыми список параметров управления доступом. Допустимые "
 "значения:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: использовать ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -8665,7 +8684,7 @@ msgstr ""
 "«access_provider = ldap»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
@@ -8675,7 +8694,7 @@ msgstr ""
 "следующей версии.  </emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -8698,12 +8717,12 @@ msgstr ""
 "возможности необходимо задать «access_provider = ldap»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: использовать ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -8717,7 +8736,7 @@ msgstr ""
 "и для проверки подлинности используются не пароли, а, например, ключи SSH."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
@@ -8726,18 +8745,18 @@ msgstr ""
 "предпринимаются, если срок действия пароля пользователя истёк:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr "pwd_expire_policy_reject — пользователю отказано во входе в систему,"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 "pwd_expire_policy_warn — пользователь по-прежнему может войти в систему,"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
@@ -8746,7 +8765,7 @@ msgstr ""
 "свой пароль."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 #, fuzzy
 #| msgid ""
 #| "Please note that 'access_provider = ldap' must be set for this feature to "
@@ -8762,7 +8781,7 @@ msgstr ""
 "паролей в качестве значения параметра «ldap_pwd_policy»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -8771,14 +8790,14 @@ msgstr ""
 "authorizedService для определения возможности доступа"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: использовать атрибут host для определения "
 "возможности доступа"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
@@ -8787,7 +8806,7 @@ msgstr ""
 "возможности доступа удалённого узла"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
@@ -8797,12 +8816,12 @@ msgstr ""
 "прежде чем включать этот параметр управления доступом"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "По умолчанию: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -8811,12 +8830,12 @@ msgstr ""
 "ошибкой конфигурации."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr "ldap_pwdlockout_dn (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -8829,22 +8848,22 @@ msgstr ""
 "невозможности надлежащим образом проверить атрибуты ppolicy на сервере LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr "Пример: cn=ppolicy,ou=policies,dc=example,dc=com"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr "По умолчанию: cn=ppolicy,ou=policies,$ldap_search_base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -8853,12 +8872,12 @@ msgstr ""
 "выполнении поиска. Допустимые варианты:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr "<emphasis>never</emphasis>: разыменование псевдонимов не выполняется."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -8868,7 +8887,7 @@ msgstr ""
 "объекта поиска."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -8877,7 +8896,7 @@ msgstr ""
 "при определении расположения базового объекта поиска."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -8886,7 +8905,7 @@ msgstr ""
 "поиске, так и при определении расположения базового объекта поиска."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -8895,12 +8914,12 @@ msgstr ""
 "клиентскими библиотеками LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -8909,7 +8928,7 @@ msgstr ""
 "серверов, которые используют схему RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -8926,7 +8945,7 @@ msgstr ""
 "информацию о пользователе через вызовы getpw*() или initgroups()."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -8938,12 +8957,12 @@ msgstr ""
 "группами LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr "wildcard_limit (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
@@ -8952,24 +8971,24 @@ msgstr ""
 "поиска с использованием подстановочных знаков."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 "В настоящее время только ответчик InfoPipe поддерживает поиск с "
 "использованием подстановочных знаков."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr "По умолчанию: 1000 (часто размер одной страницы)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr "ldap_library_debug_level (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
@@ -8978,7 +8997,7 @@ msgstr ""
 "записываются независимо от общего debug_level."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
@@ -8987,17 +9006,17 @@ msgstr ""
 "компонентов, -1 включает полный отладочный вывод."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr "По умолчанию: 0 (отладка libldap отключена)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "ldap_use_ppolicy (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -9008,14 +9027,14 @@ msgstr ""
 "службами, отправляющими обратно недопустимое расширение ppolicy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_deref_threshold (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_deref_threshold (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -9046,12 +9065,12 @@ msgstr ""
 "</citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr "ПАРАМЕТРЫ SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -9062,12 +9081,12 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -9076,7 +9095,7 @@ msgstr ""
 "загружаются все правила, которые хранятся на сервере)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -9085,7 +9104,7 @@ msgstr ""
 "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
@@ -9094,17 +9113,17 @@ msgstr ""
 "Но должно быть включено либо интеллектуальное, либо полное обновление."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr "По умолчанию: 21600 (6 часов)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -9116,7 +9135,7 @@ msgstr ""
 "в настоящее время известно SSSD)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -9125,7 +9144,7 @@ msgstr ""
 "modifyTimestamp."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -9141,7 +9160,7 @@ msgstr ""
 "<emphasis>ldap_connection_expire_timeout</emphasis>)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
@@ -9151,12 +9170,12 @@ msgstr ""
 "обновление."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_sudo_random_offset (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -9167,7 +9186,7 @@ msgstr ""
 "периодического задания. Значение указывается в секундах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -9178,17 +9197,17 @@ msgstr ""
 "время, в течение которого правила sudo недоступны для использования."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr "Можно отключить эту задержку, установив значение «0»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -9198,12 +9217,12 @@ msgstr ""
 "адресов узлов/сетей в формате IPv4 или IPv6)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -9212,7 +9231,7 @@ msgstr ""
 "следует использовать для фильтрации правил."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -9221,8 +9240,8 @@ msgstr ""
 "обнаружить имя узла и полное доменное имя."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -9231,17 +9250,17 @@ msgstr ""
 "<emphasis>false</emphasis>, этот параметр ни на что не влияет."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr "По умолчанию: не указано"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -9250,7 +9269,7 @@ msgstr ""
 "следует использовать для фильтрации правил."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -9259,12 +9278,12 @@ msgstr ""
 "обнаружить адреса."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -9273,12 +9292,12 @@ msgstr ""
 "правила, которые содержат сетевую группу в атрибуте sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (логическое значение)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -9287,7 +9306,7 @@ msgstr ""
 "правила, которые содержат подстановочный знак в атрибуте sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
@@ -9296,7 +9315,7 @@ msgstr ""
 "операция на стороне сервера LDAP!"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -9309,12 +9328,12 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr "ПАРАМЕТРЫ AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
@@ -9323,47 +9342,47 @@ msgstr ""
 "схемы LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr "Имя основной карты автоматического монтирования в LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr "По умолчанию: auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "ДОПОЛНИТЕЛЬНЫЕ ПАРАМЕТРЫ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -9376,22 +9395,22 @@ msgstr ""
 "эту возможность, если имена групп отображаются некорректно."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr "</note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (строка)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -9404,14 +9423,14 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "ПРИМЕР"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -9422,7 +9441,7 @@ msgstr ""
 "<replaceable>[domains]</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -9442,7 +9461,7 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -9450,12 +9469,12 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr "ПРИМЕР ФИЛЬТРА ДОСТУПА LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
@@ -9464,7 +9483,7 @@ msgstr ""
 "используется ldap_access_order=lockout."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -9490,13 +9509,13 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ПРИМЕЧАНИЯ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -9570,7 +9589,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "ОПЦИИ"
 
@@ -15831,7 +15850,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr "СОСТОЯНИЕ ВЫХОДА"
@@ -15990,7 +16009,7 @@ msgstr "Пароль для скрытия будет прочитан из по
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -18232,22 +18251,27 @@ msgstr ""
 "доступны на справочной странице <citerefentry> <refentrytitle>ssh_config</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 "Искать открытые ключи узла в домене SSSD <replaceable>DOMAIN</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-H</option>,<option>--ssh-hosts</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-H</option>,<option>--ssh-hosts</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -18255,12 +18279,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -18274,7 +18298,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -18282,7 +18306,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -18291,10 +18315,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
+#, fuzzy
+#| msgid ""
+#| "In case of successful execution, even if no key was found, 0 is returned. "
+#| "1 is returned in case of error."
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 "В случае успешного выполнения, даже если ключ не найден, возвращается "
 "значение «0». В случае ошибки возвращается «1»."
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index 5da6f683ae..6d505c92bc 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 2.10.0\n"
+"Project-Id-Version: sssd-docs 2.10.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -208,10 +208,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -230,10 +230,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -267,8 +267,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -298,8 +298,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr ""
 
@@ -366,7 +366,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr ""
 
@@ -386,12 +386,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> "
 "<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
@@ -400,39 +400,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -590,8 +590,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -862,7 +862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -893,25 +893,34 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by "
+"/proc/sys/fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -919,7 +928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -938,12 +947,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -952,22 +961,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -977,17 +986,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -997,17 +1006,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 msgid "Default: 60, KCM: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1018,14 +1027,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + "
 "random[0...offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1033,44 +1042,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1079,58 +1088,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 msgid "Default: 3600"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 msgid "Default: 30"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1142,59 +1151,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) "
 "service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1202,7 +1211,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1212,7 +1221,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1221,17 +1230,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1239,17 +1248,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1257,17 +1266,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1276,7 +1285,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1285,39 +1294,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1325,23 +1334,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1349,46 +1358,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in "
 "<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in "
 "<quote>/etc/shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1396,56 +1405,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the "
 "machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during "
 "lookup. This option can be specified globally in the [nss] section or "
@@ -1453,58 +1462,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd "
@@ -1512,25 +1521,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1538,19 +1547,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1558,12 +1567,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 msgid "memcache_size_sid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1572,12 +1581,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1589,43 +1598,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 msgid "Default: <quote>*</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), "
@@ -1634,60 +1643,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1695,59 +1704,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during "
 "authentication. The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1756,51 +1765,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1811,22 +1820,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1834,7 +1843,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a "
@@ -1844,17 +1853,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1862,7 +1871,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be "
@@ -1870,25 +1879,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting "
 "<emphasis>pwd_expiration_warning</emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1898,74 +1907,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1973,19 +1982,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1993,46 +2002,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2040,34 +2049,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2077,7 +2086,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2085,58 +2094,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 msgid "passkey_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2144,7 +2153,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2156,63 +2165,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2220,12 +2229,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2236,7 +2245,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2244,7 +2253,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = "
@@ -2253,7 +2262,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2262,46 +2271,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2310,31 +2319,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> "
 "(dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2342,7 +2351,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2350,22 +2359,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2373,19 +2382,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2393,7 +2402,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2408,7 +2417,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to "
 "<quote>-</quote> (dash). To disable the check for a specific PAM service, "
@@ -2416,45 +2425,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2462,7 +2471,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2470,17 +2479,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> "
@@ -2492,24 +2501,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2520,22 +2529,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2543,51 +2552,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2597,12 +2606,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2612,7 +2621,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2620,7 +2629,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2629,38 +2638,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2671,7 +2680,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2682,24 +2691,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2707,19 +2716,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2728,7 +2737,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2737,24 +2746,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2765,24 +2774,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2790,24 +2799,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2819,7 +2828,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2830,60 +2839,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> "
@@ -2894,66 +2903,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording "
 "enabled. Matches user names as returned by NSS. I.e. after the possible "
@@ -2961,17 +2970,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2979,7 +2988,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -2988,57 +2997,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3048,12 +3057,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3062,14 +3071,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3078,38 +3087,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For "
@@ -3118,24 +3127,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3144,36 +3153,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3187,14 +3196,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3203,14 +3212,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3218,32 +3227,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3252,19 +3261,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3275,139 +3284,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3416,17 +3425,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3438,18 +3447,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3460,7 +3469,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3469,12 +3478,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3482,19 +3491,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3503,17 +3512,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3522,29 +3531,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> "
 "<refentrytitle>sssd-files</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3553,7 +3562,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3561,8 +3570,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -3571,8 +3580,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3580,19 +3589,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified "
 "names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3601,7 +3610,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3609,24 +3618,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3638,7 +3647,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3646,30 +3655,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3677,7 +3686,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3685,29 +3694,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3715,19 +3724,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -3736,7 +3745,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> "
@@ -3745,29 +3754,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -3776,7 +3785,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3784,34 +3793,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3819,32 +3828,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3855,7 +3864,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3864,12 +3873,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3877,7 +3886,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -3886,31 +3895,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -3919,7 +3928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3928,17 +3937,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3946,34 +3955,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3981,7 +3990,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3989,7 +3998,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3997,24 +4006,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -4023,31 +4032,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -4056,7 +4065,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -4065,12 +4074,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4080,7 +4089,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: "
 "<quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;[^@]+))$</quote> "
@@ -4088,17 +4097,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: "
 "<quote>^(((?P&lt;domain&gt;[^\\\\]+)\\\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;name&gt;[^@\\\\]+)))$</quote> "
@@ -4106,19 +4115,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4128,88 +4137,88 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4217,17 +4226,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is "
@@ -4236,12 +4245,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 msgid "dns_resolver_use_search_list (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4249,7 +4258,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4257,34 +4266,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 msgid "failover_primary_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup "
 "server. This option defines the number of seconds SSSD waits before "
@@ -4292,57 +4301,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 msgid "Default: 31"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4350,31 +4359,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4382,104 +4391,104 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 msgid "ldap_offline_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 msgid "ldap_enumeration_refresh_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 msgid "ldap_enumeration_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 msgid "ldap_connection_expire_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 msgid "ldap_connection_expire_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4487,27 +4496,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4517,32 +4526,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4551,19 +4560,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4571,12 +4580,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 msgid "local_auth_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4588,7 +4597,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, "
 "enable. <quote>match</quote> is used to match offline and online states for "
@@ -4600,7 +4609,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4608,42 +4617,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 msgid "local_auth_policy = match (default)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4652,7 +4661,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4663,7 +4672,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4671,36 +4680,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 msgid "Default: match"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4709,24 +4718,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4736,14 +4745,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4751,21 +4760,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4773,7 +4782,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4782,7 +4791,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4791,7 +4800,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called "
@@ -4800,17 +4809,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4818,12 +4827,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4831,12 +4840,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4844,12 +4853,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4858,12 +4867,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4871,19 +4880,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> "
 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> "
@@ -4901,7 +4910,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4909,17 +4918,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4928,7 +4937,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4938,7 +4947,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4958,12 +4967,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called "
@@ -4974,69 +4983,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5050,7 +5059,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5058,7 +5067,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like "
@@ -5067,43 +5076,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5111,12 +5120,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5125,17 +5134,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5143,26 +5152,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like "
@@ -5171,17 +5180,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file "
 "(<filename>/var/lib/sss/pubconf/pam_preauth_available</filename>)  exists "
@@ -5191,7 +5200,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5200,59 +5209,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5261,7 +5270,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5270,7 +5279,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM "
@@ -5281,17 +5290,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5299,46 +5308,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5347,7 +5356,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, "
 "e.g. <quote>[prompting/password/sshd]</quote> to individual change the "
@@ -5355,12 +5364,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5389,7 +5398,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5398,7 +5407,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5406,7 +5415,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5417,7 +5426,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5428,7 +5437,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6012,7 +6021,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6100,20 +6109,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 "
+"members. If a group contains more than 1500 members, the reply includes an "
+"AD-specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6121,17 +6133,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6139,12 +6151,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6152,7 +6164,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to "
 "0. Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6163,7 +6175,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6172,7 +6184,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6180,12 +6192,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6193,7 +6205,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6201,26 +6213,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6228,7 +6240,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6236,7 +6248,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6244,41 +6256,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in "
 "<filename>/etc/openldap/ldap.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6288,32 +6300,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6321,12 +6333,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  "
@@ -6334,12 +6346,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6347,17 +6359,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6368,24 +6380,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6396,12 +6408,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6414,7 +6426,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6426,17 +6438,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6444,49 +6456,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6494,29 +6506,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is "
 "used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of "
@@ -6528,7 +6540,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6536,7 +6548,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of "
 "SSSD. While the legacy name is recognized for the time being, users are "
@@ -6545,39 +6557,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6587,7 +6599,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> "
 "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> "
@@ -6596,26 +6608,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client "
 "side. The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use "
 "<citerefentry><refentrytitle>shadow</refentrytitle> "
@@ -6625,7 +6637,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6633,31 +6645,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6670,51 +6682,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6723,12 +6735,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6745,12 +6757,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6759,14 +6771,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6775,24 +6787,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6800,19 +6812,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6821,7 +6833,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
 "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
@@ -6829,7 +6841,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6838,7 +6850,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option "
 "<emphasis>must</emphasis> include <quote>expire</quote> in order for the "
@@ -6846,22 +6858,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6871,7 +6883,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the "
 "<quote>ppolicy</quote> option and might be removed in a future release.  "
@@ -6879,7 +6891,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6892,12 +6904,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6907,31 +6919,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -6939,26 +6951,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control "
@@ -6966,24 +6978,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -6992,74 +7004,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7070,7 +7082,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7078,58 +7090,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy "
 "controls. Disabling this allows interacting with services which send back "
@@ -7137,12 +7149,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7165,12 +7177,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7178,43 +7190,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval "
 "</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7222,14 +7234,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7239,19 +7251,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7259,7 +7271,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7267,106 +7279,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is "
 "<emphasis>false</emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7375,59 +7387,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7436,22 +7448,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7460,14 +7472,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7475,7 +7487,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7488,7 +7500,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7496,19 +7508,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7524,13 +7536,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7586,7 +7598,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr ""
 
@@ -12453,7 +12465,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12585,7 +12597,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> "
 "<replaceable>DOMAIN</replaceable>"
@@ -14347,20 +14359,25 @@ msgid ""
 "</citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain "
 "<replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14368,12 +14385,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14387,7 +14404,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; "
@@ -14396,7 +14413,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14405,10 +14422,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/sv.po b/src/man/po/sv.po
index bf4444e61a..31924615ac 100644
--- a/src/man/po/sv.po
+++ b/src/man/po/sv.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-09-02 11:38+0000\n"
 "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
 "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/"
@@ -255,10 +255,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -279,10 +279,10 @@ msgstr ""
 "journald är aktiverat för SSSD-felsökningsloggning ignoreras denna flagga."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -323,8 +323,8 @@ msgstr ""
 "ingen effekt för andra loggningstyper)."
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -357,8 +357,8 @@ msgstr ""
 "att efter tre missade hjärtslag kommer processen avsluta sig själv."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Standard: 10"
 
@@ -450,7 +450,7 @@ msgstr ""
 "understrykningstecken. Tecknet ”/” är förbjudet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (sträng)"
 
@@ -475,12 +475,12 @@ msgstr ""
 "för mer information om dessa reguljära uttryck."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -491,32 +491,32 @@ msgstr ""
 "samman ett fullständigt kvalificerat namn från namn- och domänkomponenter."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "användarnamn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr "domännamn som det anges i SSSD-konfigurationsfilen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -525,7 +525,7 @@ msgstr ""
 "direkt konfigurerade eller hittade via IPA-förtroenden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -727,8 +727,8 @@ msgstr ""
 "default_domain_suffix används. </phrase>"
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -1065,7 +1065,7 @@ msgstr ""
 "användarnamn kan överlappa mellan domäner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr "Standard: inte satt"
@@ -1102,18 +1102,27 @@ msgstr ""
 "”false” förbjuder kärndumpar för alla SSSD-processer för att undvika att "
 "klartextlösenord läcker. Se manualsidan prctl:PR_SET_DUMPABLE för detaljer."
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr "passkey_verification (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr "user_verification (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
@@ -1122,7 +1131,7 @@ msgstr ""
 "under autentisering. Om aktiverat kommer PIN:en alltid att begäras."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -1133,7 +1142,7 @@ msgstr ""
 "servern."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -1161,12 +1170,12 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "TJÄNSTESEKTIONER"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -1179,22 +1188,22 @@ msgstr ""
 "<quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "Allmänna alternativ för tjänstekonfiguration"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "Dessa alternativ kan användas för att konfigurera alla tjänster."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1209,17 +1218,17 @@ msgstr ""
 "och den ”hårda” gränsen i limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Standard: 8192 (eller den ”hårda” gränsen i limits.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1234,17 +1243,17 @@ msgstr ""
 "konfigureras kommer det att justeras till 10 sekunder."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 msgid "Default: 60, KCM: 300"
 msgstr "Standard: 60, KCM: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1261,7 +1270,7 @@ msgstr ""
 "försök att bli uppkopplat beräknas det nya intervallet om enligt följande:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
@@ -1270,7 +1279,7 @@ msgstr ""
 "slumpvärde[0…offline_timeout_random_offset]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1281,7 +1290,7 @@ msgstr ""
 "är 30. Slutresultatet är antalet sekunder före nästa omförsök."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
@@ -1290,18 +1299,18 @@ msgstr ""
 "offline_timeout_max (förutom slumpdelen)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "Standard: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr "offline_timeout_max (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
@@ -1310,12 +1319,12 @@ msgstr ""
 "misslyckat försök att koppla upp."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr "Ett värde på 0 avaktiverar det ökande beteendet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
@@ -1324,7 +1333,7 @@ msgstr ""
 "offline_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1337,7 +1346,7 @@ msgstr ""
 "åtminstone 4 gånger offline_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
@@ -1346,17 +1355,17 @@ msgstr ""
 "att åsidosätta värdet offline_timeout så det är inte så användbart."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 msgid "Default: 3600"
 msgstr "Standard: 3600"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr "offline_timeout_random_offset (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
@@ -1365,7 +1374,7 @@ msgstr ""
 "angivna tidsintervall:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
@@ -1375,27 +1384,27 @@ msgstr ""
 "slumptal i intervallet:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr "[0 – offline_timeout_random_offset]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr "Ett värde på 0 avaktiverar tillägget av en slumpfördröjning."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 msgid "Default: 30"
 msgstr "Standard: 30"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr "responder_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1414,18 +1423,18 @@ msgstr ""
 "antingen uttags- eller D-Bus-aktiverade."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "Standard: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr "cache_first"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
@@ -1434,12 +1443,12 @@ msgstr ""
 "den frågar dataleverantörerna."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr "NSS-konfigurationsalternativ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1447,12 +1456,12 @@ msgstr ""
 "Switch (NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1461,17 +1470,17 @@ msgstr ""
 "information om alla användare)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "Standard: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1482,7 +1491,7 @@ msgstr ""
 "för domänen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1497,7 +1506,7 @@ msgstr ""
 "framtida begäranden kommer behöva blockera i väntan på en cacheuppdatering."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1510,17 +1519,17 @@ msgstr ""
 "(0 avaktiverar denna funktion)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "Standard: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1531,17 +1540,17 @@ msgstr ""
 "bakänden tillfrågas igen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Standard: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr "local_negative_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1552,17 +1561,17 @@ msgstr ""
 "in alternativet till 0 avaktiverar denna funktion."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr "Standard: 14400 (4 timmar)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1576,7 +1585,7 @@ msgstr ""
 "användarhuvudmansnamn (UPN)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1589,17 +1598,17 @@ msgstr ""
 "kommer fortfarande ha medlemsanvändarna i den senare listade."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "Standard: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1607,12 +1616,12 @@ msgstr ""
 "sätt då detta alternativ till false."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1621,7 +1630,7 @@ msgstr ""
 "anges av domänens dataleverantör."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1629,7 +1638,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1639,23 +1648,23 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "exempel: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr "Standard: inte satt (ingen ersättning för ej angivna hemkataloger)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr "override_shell (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1666,30 +1675,30 @@ msgstr ""
 "sektionen [nss] eller per domän."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Standard: inte angivet (SSSD kommer använda värdet som hämtats från LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 "Begränsa användarskal till ett av de listade värdena. Beräkningsordningen är:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Om skalet finns i <quote>/etc/shells</quote> används det."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1698,7 +1707,7 @@ msgstr ""
 "quote>, använd värdet på parametern shell_fallback."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1707,12 +1716,12 @@ msgstr ""
 "shells</quote> används ett nologin-skal."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr "Jokertecknet (*) kan användas för att tillåta godtyckligt skal."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1723,12 +1732,12 @@ msgstr ""
 "alla skal i allowed_shells skulle vara för mycket overhead."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "En tom sträng som skal skickas som den är till libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1737,27 +1746,27 @@ msgstr ""
 "att en omstart av SSSD behövs ifall ett nytt skal installeras."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr "Standard: inte satt. Användarens skal används automatiskt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "Ersätt alla instanser av dessa skal med shell_fallback"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1765,17 +1774,17 @@ msgstr ""
 "maskinen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "Standard: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1785,7 +1794,7 @@ msgstr ""
 "per domän."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1794,12 +1803,12 @@ msgstr ""
 "libc ersätter med något rimligt när nödvändigt, vanligen /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1808,12 +1817,12 @@ msgstr ""
 "som giltiga."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr "memcache_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
@@ -1823,7 +1832,7 @@ msgstr ""
 "minnet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
@@ -1832,8 +1841,8 @@ msgstr ""
 "påverkan på SSSD:s prestanda och skall bara användas för testning."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
@@ -1842,12 +1851,12 @@ msgstr ""
 "klientprogram inte använda den snabba cachen i minnet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr "memcache_size_passwd (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1858,13 +1867,13 @@ msgstr ""
 "lösenords-cachen i minnet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr "Standard: 8"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
@@ -1873,12 +1882,12 @@ msgstr ""
 "negativ påverkan på SSSD:s prestanda."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr "memcache_size_group (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1889,19 +1898,19 @@ msgstr ""
 "grupp-cachen i minnet."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "Standard: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr "memcache_size_initgroups (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1912,12 +1921,12 @@ msgstr ""
 "initgrupp-cachen i minnet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 msgid "memcache_size_sid (integer)"
 msgstr "memcache_size_sid (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1930,12 +1939,12 @@ msgstr ""
 "storleken till 0 kommer avaktivera SID-cachen i minnet."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr "user_attributes (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1952,7 +1961,7 @@ msgstr ""
 "citerefentry> för detaljer) men utan standardvärden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
@@ -1961,17 +1970,17 @@ msgstr ""
 "InfoPipe-alternativet om det inte är satt för NSS-respondenten."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr "Standard: inte satt, gå tillbaka till InfoPipe-alternativet"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr "pwfield (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
@@ -1980,12 +1989,12 @@ msgstr ""
 "returnera i fältet <quote>password</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 msgid "Default: <quote>*</quote>"
 msgstr "Standard: <quote>*</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
@@ -1994,7 +2003,7 @@ msgstr ""
 "värdet i [nss]-sektionen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -2006,12 +2015,12 @@ msgstr ""
 "<quote>x</quote> (proxydomän med målet nss_files och sssd-shadowutils)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr "PAM-konfigurationsalternativ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -2020,12 +2029,12 @@ msgstr ""
 "Authentication Module (PAM)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -2035,17 +2044,17 @@ msgstr ""
 "inloggningen)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "Standard: 0 (ingen gräns)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -2054,12 +2063,12 @@ msgstr ""
 "inloggningsförsök är tillåtna."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -2068,7 +2077,7 @@ msgstr ""
 "har nåtts före ett nytt inloggningsförsök är möjligt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -2079,17 +2088,17 @@ msgstr ""
 "autentisering kan aktivera autentisering utan uppkoppling igen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "Standard: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -2098,43 +2107,43 @@ msgstr ""
 "Ju högre tal desto fler meddelanden visas."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr "För närvarande stödjs följande värden:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: visa inte några meddelanden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: visa endast viktiga meddelanden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: visa informationsmeddelanden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: visa alla meddelanden och felsökningsinformation"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Standard: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr "pam_response_filter (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -2147,7 +2156,7 @@ msgstr ""
 "användaren eller miljövariabler som skall sättas av pam_sss."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
@@ -2156,37 +2165,37 @@ msgstr ""
 "gör detta alternativ att man kan filtrera ut andra sorters svar dessutom."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr "ENV"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr "Skicka inte några miljövariabler till någon tjänst."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr "ENV:varnamn"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr "Skicka inte miljövariabeln varnamn till någon tjänst."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr "ENV:varnamn:tjänst"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr "Skicka inte miljövariabeln varnamn till tjänst."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -2195,7 +2204,7 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -2212,12 +2221,12 @@ msgstr ""
 "eller ”-” eller inget av dem. Det ses som ett fel att blanda båda sätten."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr "Standard: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
@@ -2225,12 +2234,12 @@ msgstr ""
 "standardlistan"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -2241,7 +2250,7 @@ msgstr ""
 "till att autentisering sker med den senaste informationen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -2255,17 +2264,17 @@ msgstr ""
 "identitetsleverantören."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr "Visa en varning N dagar före lösenordet går ut."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2275,7 +2284,7 @@ msgstr ""
 "lösenordet.  Om denna information saknas kan sssd inte visa någon varning."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -2284,7 +2293,7 @@ msgstr ""
 "mottogs från bakändeserver kommer den automatiskt visas."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -2293,18 +2302,18 @@ msgstr ""
 "<emphasis>pwd_expiration_warning</emphasis> för en viss domän."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Standard: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -2319,12 +2328,12 @@ msgstr ""
 "UID vid uppstart."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr "Standard: alla användare betraktas som betrodda som standard"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
@@ -2333,12 +2342,12 @@ msgstr ""
 "inte är i listan pam_trusted_users."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
@@ -2347,20 +2356,20 @@ msgstr ""
 "betrodda användare."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 "Två speciella värden för alternativet pam_public_domains är definierade:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 "all (Ej betrodda användare tillåts komma åt alla domäner i PAM-respondenten.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
@@ -2369,19 +2378,19 @@ msgstr ""
 "respondenten.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "Standard: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
@@ -2390,7 +2399,7 @@ msgstr ""
 "standardmeddelandet ”åtkomst nekas”."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
@@ -2400,7 +2409,7 @@ msgstr ""
 "felsökningsinformation)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2410,12 +2419,12 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr "pam_account_locked_message (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
@@ -2424,7 +2433,7 @@ msgstr ""
 "standardmeddelandet ”åtkomst nekas”."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2434,46 +2443,46 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr "pam_passkey_auth (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr "Aktivera autentisering baserad på lösennyckelsenhet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "Standard: True"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr "passkey_debug_libfido2 (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr "Aktivera biblioteket libfido2 felsökningsmeddelanden."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "Standard: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr "pam_cert_auth (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2484,22 +2493,22 @@ msgstr ""
 "autentiseringsprocessen är detta alternativ avaktiverat som standard."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr "pam_cert_db_path (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr "Sökvägen till certifikatdatabasen."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr "Standard:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
@@ -2508,12 +2517,12 @@ msgstr ""
 "certifikat i PEM-format)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr "pam_cert_verification (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2527,7 +2536,7 @@ msgstr ""
 "Flaggor som stödjs är samma som för <quote>certificate_verification</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2537,7 +2546,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
@@ -2547,22 +2556,22 @@ msgstr ""
 "<quote>[sssd]</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr "p11_child_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr "Hur många sekunder pam_sss kommer vänta på p11_child att avsluta."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 msgid "passkey_child_timeout (integer)"
 msgstr "passkey_child_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
@@ -2570,12 +2579,12 @@ msgstr ""
 "avsluta."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr "pam_app_services (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
@@ -2584,12 +2593,12 @@ msgstr ""
 "<quote>application</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr "pam_p11_allowed_services (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
@@ -2598,7 +2607,7 @@ msgstr ""
 "tillåtet att använda smarta kort."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2608,7 +2617,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2628,63 +2637,63 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr "Standard: standarduppsättningen av PAM-tjänstenamn innefattar:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr "login"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr "su"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr "su-l"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr "gdm-smartcard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr "gdm-password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr "kdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr "sudo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr "sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr "gnome-screensaver"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr "p11_wait_for_card_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2694,12 +2703,12 @@ msgstr ""
 "p11_child_timeout PAM-respondenten skall vänta på att ett smartkort sätts in."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr "p11_uri (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2716,7 +2725,7 @@ msgstr ""
 "användas för att säga till p11_child att använda en specifik läsare."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2726,7 +2735,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2736,7 +2745,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2749,17 +2758,17 @@ msgstr ""
 "”p11tool” med t.ex. ”--list-all” visa även PKCS#11 URI:er."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr "pam_initgroups_scheme"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr "always"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
@@ -2767,12 +2776,12 @@ msgstr ""
 "fortfarande gäller"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr "no_session"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
@@ -2781,12 +2790,12 @@ msgstr ""
 "användaren, d.v.s. om användaren inte är inloggad för närvarande"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr "never"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
@@ -2795,7 +2804,7 @@ msgstr ""
 "inte har gått ut"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2808,17 +2817,17 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr "Standard: no_session"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr "pam_gssapi_services"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
@@ -2827,7 +2836,7 @@ msgstr ""
 "autentisering med modulen pam_sss_gss.so."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
@@ -2835,7 +2844,7 @@ msgstr ""
 "quote> (streck)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2846,7 +2855,7 @@ msgstr ""
 "över värdet i domänsektionen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2856,22 +2865,22 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Exempel: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr "Standard: - (GSSAPI-autentisering är avaktiverat)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr "pam_gssapi_check_upn"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2882,7 +2891,7 @@ msgstr ""
 "Autentisering kommer misslyckas om kontrollen misslyckas."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
@@ -2891,12 +2900,12 @@ msgstr ""
 "autentiseras."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr "pam_gssapi_indicators_map"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2907,7 +2916,7 @@ msgstr ""
 "autentisering med modulen pam_sss_gss.so."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2933,7 +2942,7 @@ msgstr ""
 "åtkomsten."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2944,7 +2953,7 @@ msgstr ""
 "specifik PAM-tjänst, lägg till <quote>tjänst:-</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
@@ -2952,7 +2961,7 @@ msgstr ""
 "Följande autentiseringsindikatorer stödjs av IPA-Kerberosinstallationer:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
@@ -2961,7 +2970,7 @@ msgstr ""
 "filer eller på smarta kort."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
@@ -2970,12 +2979,12 @@ msgstr ""
 "i en FAST-kanal."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr "radius — förautentisering med hjälp av en RADIUS-server."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
@@ -2984,12 +2993,12 @@ msgstr ""
 "(2FA eller engångslösenord, OTP) i IPA."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr "idp — förautentisering med extern identitetsleverantör."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2999,7 +3008,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -3010,18 +3019,18 @@ msgstr ""
 "(PKINIT), sätt <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 "Standard: inte satt (användning av autentiseringsindikatorer krävs inte)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr "SUDO-konfigurationsalternativ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -3039,12 +3048,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -3053,12 +3062,12 @@ msgstr ""
 "tidsberoende sudoers-poster skall evalueras eller inte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr "sudo_threshold (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -3073,22 +3082,22 @@ msgstr ""
 "gränsvärde gäller även IPA-sudo-kommandon och kommandogruppsökningar."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr "AUTOFS-konfigurationsalternativ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr "Dessa alternativ kan användas för att konfigurera tjänsten autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -3099,22 +3108,22 @@ msgstr ""
 "finns) innan bakänden tillfrågas igen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr "SSH-konfigurationsalternativ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr "Dessa alternativ kan användas för att konfigurera tjänsten SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -3123,12 +3132,12 @@ msgstr ""
 "till kontrollsummor eller inte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -3137,17 +3146,17 @@ msgstr ""
 "att dess värdnycklar begärdes."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr "Standard: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr "ssh_use_certificate_keys (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -3161,12 +3170,12 @@ msgstr ""
 "manvolnum> </citerefentry> för detaljer."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr "ssh_use_certificate_matching_rules (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -3181,7 +3190,7 @@ msgstr ""
 "regelnamn. Alla andra regler kommer ignoreras."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -3193,7 +3202,7 @@ msgstr ""
 "certifikat."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -3206,7 +3215,7 @@ msgstr ""
 "certifikatautentisering är aktiverat."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
@@ -3215,7 +3224,7 @@ msgstr ""
 "ingen regel blir vald kommer alla certifikat ignoreras."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
@@ -3224,12 +3233,12 @@ msgstr ""
 "standardregeln används"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr "ca_db (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
@@ -3238,12 +3247,12 @@ msgstr ""
 "validera användarcertifikat före publika ssh-nycklar härleds från dem."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr "PAC-respondentskonfigurationsalternativ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -3261,7 +3270,7 @@ msgstr ""
 "kommer några av följande operationer att göras:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -3277,7 +3286,7 @@ msgstr ""
 "skrivas över med parametern default_shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -3286,17 +3295,17 @@ msgstr ""
 "användaren läggas till i dessa grupper."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr "Dessa alternativ kan användas för att konfigurera PAC-respondenten."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -3307,7 +3316,7 @@ msgstr ""
 "uppstart."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
@@ -3316,12 +3325,12 @@ msgstr ""
 "tillåts komma åt PAC-respondenten)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr "Standard: 0 (endast root-användaren tillåts komma åt PAC-respondenten)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -3335,7 +3344,7 @@ msgstr ""
 "AID:er."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -3348,12 +3357,12 @@ msgstr ""
 "0 i listan av tillåtna AID:er."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr "pac_lifetime (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
@@ -3362,12 +3371,12 @@ msgstr ""
 "datan användas för att avgöra gruppmedlemskap för en användare."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr "pac_check (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -3384,12 +3393,12 @@ msgstr ""
 "krb5_validate är satt till ”False” kommer PAC-kontrollerna hoppas över."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr "no_check"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
@@ -3398,12 +3407,12 @@ msgstr ""
 "kontroller att göras."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr "pac_present"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -3414,12 +3423,12 @@ msgstr ""
 "misslyckas."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr "check_upn"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
@@ -3428,12 +3437,12 @@ msgstr ""
 "(UPN) är konsistent."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr "check_upn_allow_missing"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -3452,7 +3461,7 @@ msgstr ""
 "inte längre någon anledning att sätta ”ldap_user_principal”."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -3470,22 +3479,22 @@ msgstr ""
 "loggmeddelandet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr "upn_dns_info_present"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr "PAC:en måste innehålla bufferten UPN-DNS-INFO, implicerar ”check_upn”."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr "check_upn_dns_info_ex"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
@@ -3494,12 +3503,12 @@ msgstr ""
 "kontrollera om informationen i utökningen är konsistent."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr "upn_dns_info_ex_present"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
@@ -3508,7 +3517,7 @@ msgstr ""
 "”check_upn_dns_info_ex”, ”upn_dns_info_present” och ”check_upn”."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -3517,7 +3526,7 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
@@ -3526,12 +3535,12 @@ msgstr ""
 "check_upn_allow_missing, check_upn_dns_info_ex”)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr "Konfigurationsalternativ för inspelning av sessioner"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -3547,33 +3556,33 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 "Dessa alternativ kan användas för att konfigurera inspelning av sessioner."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr "scope (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr "”none”"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr "Inga användare spelas in."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr "”some”"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
@@ -3582,17 +3591,17 @@ msgstr ""
 "och <replaceable>groups</replaceable> spelas in."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr "”all”"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr "Alla användare spelas in."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -3601,17 +3610,17 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr "Standard: ”none”"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr "users (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3622,17 +3631,17 @@ msgstr ""
 "efter eventuellt utbyte av mellanslag, ändring av skiftläge, etc."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr "Standard: Tomt. Matchar inte några användare."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr "groups (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3643,7 +3652,7 @@ msgstr ""
 "efter eventuellt utbyte av mellanslag, ändring av skiftläge, etc."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3655,17 +3664,17 @@ msgstr ""
 "användare måste hämtas och matchas mot grupperna användaren är en medlem i."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr "Standard: Tom. Matchar inga grupper."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr "exclude_users (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
@@ -3674,17 +3683,17 @@ msgstr ""
 "tillämpligt med ”scope=all”."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr "Standard: Tomt. Inga användare uteslutna."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr "exclude_groups (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
@@ -3693,23 +3702,23 @@ msgstr ""
 "inspelning. Endast tillämpligt med ”scope=all”."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr "Standard: Tom. Inga grupper uteslutna."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "DOMÄNSEKTIONER"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr "aktiverat"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3724,12 +3733,12 @@ msgstr ""
 "quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr "domain_type (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3742,7 +3751,7 @@ msgstr ""
 "operativsystemets gränssnitt och verktyg."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
@@ -3751,7 +3760,7 @@ msgstr ""
 "<quote>application</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3764,7 +3773,7 @@ msgstr ""
 "respondenten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
@@ -3773,7 +3782,7 @@ msgstr ""
 "<quote>id_provider=ldap</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
@@ -3782,17 +3791,17 @@ msgstr ""
 "<quote>Programdomäner</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr "Standard: posix"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -3801,7 +3810,7 @@ msgstr ""
 "utanför dessa gränser ignoreras den."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3814,7 +3823,7 @@ msgstr ""
 "ligger i intervallet rapporteras som förväntat."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -3823,17 +3832,17 @@ msgstr ""
 "när de returneras via namn eller ID."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Standard: 1 för min_id, 0 (ingen gräns) för max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr "enumerate (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3846,22 +3855,22 @@ msgstr ""
 "Denna parameter kan ha ett av följande värden:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Användare och grupper räknas upp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = Inga uppräkningar för denna domän"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "Standard: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
@@ -3870,7 +3879,7 @@ msgstr ""
 "grupposter från fjärrservern."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
@@ -3879,7 +3888,7 @@ msgstr ""
 "= proxy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3902,7 +3911,7 @@ msgstr ""
 "med startas om av den interna vakthunden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -3911,7 +3920,7 @@ msgstr ""
 "användar- eller grupplistan returnera utan resultat tills den är färdig."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3924,7 +3933,7 @@ msgstr ""
 "information, se manualsidorna för den specifika id-leverantören som används."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -3933,7 +3942,7 @@ msgstr ""
 "stora miljöer."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3945,32 +3954,32 @@ msgstr ""
 "konfiguration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Alla upptäckta betrodda domäner kommer räknas upp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Inga upptäckta betrodda domäner kommer räknas upp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3983,12 +3992,12 @@ msgstr ""
 "bara för dessa betrodda domäner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -3997,7 +4006,7 @@ msgstr ""
 "bakänden igen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -4014,17 +4023,17 @@ msgstr ""
 "redan har cachats."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "Standard: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -4033,19 +4042,19 @@ msgstr ""
 "bakänden igen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr "Standard: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -4054,12 +4063,12 @@ msgstr ""
 "bakänden igen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -4068,12 +4077,12 @@ msgstr ""
 "frågar bakänden igen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -4082,12 +4091,12 @@ msgstr ""
 "bakänden igen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr "entry_cache_resolver_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
@@ -4096,12 +4105,12 @@ msgstr ""
 "den frågar bakänden igen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -4110,12 +4119,12 @@ msgstr ""
 "igen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -4124,12 +4133,12 @@ msgstr ""
 "giltiga före den frågar bakänden igen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -4138,12 +4147,12 @@ msgstr ""
 "hur länge värdnyckeln skall cachas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr "entry_cache_computer_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
@@ -4152,12 +4161,12 @@ msgstr ""
 "igen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -4167,7 +4176,7 @@ msgstr ""
 "utgångna poster."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -4180,17 +4189,17 @@ msgstr ""
 "uppdateras både användarposten och gruppmedlemskapet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr "Denna flagga ärvs automatiskt för alla betrodda domäner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr "Du kan överväga att sätta detta värde till ¾ · entry_cache_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -4210,18 +4219,18 @@ msgstr ""
 "vilja manuellt invalidera den befintliga cachen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr "Standard: 0 (avaktiverat)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -4238,7 +4247,7 @@ msgstr ""
 "konfiguration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -4251,12 +4260,12 @@ msgstr ""
 "och att knäcka ett lösenord med en råstyrkeattack."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr "cache_credentials_minimal_first_factor_length (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -4267,7 +4276,7 @@ msgstr ""
 "lösenord) måste ha för att sparas som en SHA512-kontrollsumma i cachen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
@@ -4277,12 +4286,12 @@ msgstr ""
 "attacker."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -4295,17 +4304,17 @@ msgstr ""
 "offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "Standard: 0 (obegränsat)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -4317,17 +4326,17 @@ msgstr ""
 "Dessutom måste en autentiseringsleverantör ha konfigurerats för bakänden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Standard: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr "id_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -4335,12 +4344,12 @@ msgstr ""
 "stödjs är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr "<quote>proxy</quote>: Stöd en tidigare NSS-leverantör."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -4351,7 +4360,7 @@ msgstr ""
 "information om hur lokala användare och grupper kan speglas in i SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -4362,8 +4371,8 @@ msgstr ""
 "information om att konfigurera LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4374,8 +4383,8 @@ msgstr ""
 "manvolnum> </citerefentry> för mer information om att konfigurera FreeIPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4386,12 +4395,12 @@ msgstr ""
 "citerefentry> för mer information om att konfigurera Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -4400,7 +4409,7 @@ msgstr ""
 "full_name_format) som användarens inloggningsnamn rapporterat till NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -4414,7 +4423,7 @@ msgstr ""
 "command> skulle det."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -4426,7 +4435,7 @@ msgstr ""
 "namn begärs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
@@ -4435,17 +4444,17 @@ msgstr ""
 "default_domain_suffix används)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr "Returnera inte gruppmedlemmar för gruppuppslagningar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -4464,7 +4473,7 @@ msgstr ""
 "som om den vore tom."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -4475,11 +4484,11 @@ msgstr ""
 "innehåller många medlemmar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
@@ -4488,12 +4497,12 @@ msgstr ""
 "<emphasis>subdomain_inherit</emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr "auth_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -4502,7 +4511,7 @@ msgstr ""
 "är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4513,7 +4522,7 @@ msgstr ""
 "citerefentry> för mer information om att konfigurera LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4524,7 +4533,7 @@ msgstr ""
 "citerefentry> för mer information om att konfigurera Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -4532,12 +4541,12 @@ msgstr ""
 "PAM-mål."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> avaktiverar explicit autentisering."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -4546,12 +4555,12 @@ msgstr ""
 "autentiseringsbegäranden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr "access_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -4562,7 +4571,7 @@ msgstr ""
 "Interna specialleverantörer är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -4571,12 +4580,12 @@ msgstr ""
 "åtkomstleverantören för en lokal domän."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> neka alltid åtkomst."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -4589,7 +4598,7 @@ msgstr ""
 "konfigurera åtkomstmodulen simple."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -4600,24 +4609,24 @@ msgstr ""
 "citerefentry> för mer information om att konfigurera Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 "<quote>proxy</quote> för att skicka vidare åtkomstkontroll till någon annan "
 "PAM-modul."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr "Standard: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -4626,7 +4635,7 @@ msgstr ""
 "av lösenordsändring som stödjs är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4637,7 +4646,7 @@ msgstr ""
 "manvolnum> </citerefentry> för mer information om att konfigurera LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4648,7 +4657,7 @@ msgstr ""
 "citerefentry> för mer information om att konfigurera Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -4656,12 +4665,12 @@ msgstr ""
 "annat PAM-mål."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> tillåter uttryckligen inte lösenordsändringar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -4670,18 +4679,18 @@ msgstr ""
 "hantera begäranden om ändring av lösenord."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "SUDO-leverantören som används för domänen.  SUDO-leverantörer som stödjs är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4692,7 +4701,7 @@ msgstr ""
 "citerefentry> för mer information om att konfigurera LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -4701,7 +4710,7 @@ msgstr ""
 "standardsinställningar för IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -4710,18 +4719,18 @@ msgstr ""
 "standardsinställningar för AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> avaktiverar explicit SUDO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr "Standard: värdet på <quote>id_provider</quote> används om det är satt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -4738,7 +4747,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -4751,12 +4760,12 @@ msgstr ""
 "relaterad aktivitet i SSSD om du inte vill använda sudo med SSSD alls."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -4767,7 +4776,7 @@ msgstr ""
 "åtkomstleverantören avslutar.  Selinux-leverantörer som stödjs är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4778,14 +4787,14 @@ msgstr ""
 "manvolnum> </citerefentry> för mer information om att konfigurera IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> tillåter uttryckligen inte att hämta selinux-"
 "inställningar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -4794,12 +4803,12 @@ msgstr ""
 "begäranden om inläsning av selinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -4808,7 +4817,7 @@ msgstr ""
 "alltid vara samma som id_provider.  Underdomänsleverantörer som stödjs är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4820,7 +4829,7 @@ msgstr ""
 "konfigurera IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -4833,17 +4842,17 @@ msgstr ""
 "konfigurera AD-leverantören."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "<quote>none</quote> tillåter uttryckligen inte att hämta underdomäner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr "session_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4855,14 +4864,14 @@ msgstr ""
 "med IPA.  Sessionsleverantörer som stödjs är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 "<quote>ipa</quote> för att utföra uppgifter relaterade till "
 "användarsessioner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
@@ -4870,7 +4879,7 @@ msgstr ""
 "användarsessioner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
@@ -4879,12 +4888,12 @@ msgstr ""
 "sessionsrelaterade uppgifter."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -4892,7 +4901,7 @@ msgstr ""
 "är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4903,7 +4912,7 @@ msgstr ""
 "citerefentry> för mer information om att konfigurera LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4914,7 +4923,7 @@ msgstr ""
 "manvolnum> </citerefentry> för mer information om att konfigurera IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4926,17 +4935,17 @@ msgstr ""
 "leverantören."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> avaktiverar explicit autofs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -4945,7 +4954,7 @@ msgstr ""
 "leverantörer som stödjs är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4956,17 +4965,17 @@ msgstr ""
 "manvolnum> </citerefentry> för mer information om att konfigurera IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> avaktiverar explicit värd-id:n."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr "resolver_provider (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
@@ -4975,7 +4984,7 @@ msgstr ""
 "Uppslagsleverantörer som stödjs är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
@@ -4984,7 +4993,7 @@ msgstr ""
 "bibliotek. Se <quote>proxy_resolver_lib_name</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4995,7 +5004,7 @@ msgstr ""
 "manvolnum> </citerefentry> för mer information om att konfigurera LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -5008,13 +5017,13 @@ msgstr ""
 "leverantören."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 "<quote>none</quote> tillåter uttryckligen inte att hämta värdar och nätverk."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -5029,7 +5038,7 @@ msgstr ""
 "(NetBIOS) namnet på domänen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
@@ -5038,17 +5047,17 @@ msgstr ""
 "name&gt;[^@]+))$</quote> vilket tillåter två olika stilar av användarnamn:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr "användarnamn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr "användarnamn@domän.namn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -5061,12 +5070,12 @@ msgstr ""
 "användarnamn:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr "domän\\användarnamn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -5075,7 +5084,7 @@ msgstr ""
 "tredje för att tillåta enkel integration av användare från Windows-domäner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -5090,17 +5099,17 @@ msgstr ""
 "<quote>@</quote> måste de skapa sin egen re_expression."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Standard: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -5109,44 +5118,44 @@ msgstr ""
 "uppslagningar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr "Värden som stödjs:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: Försök slå upp IPv4-adresser, om det misslyckas, prova IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: Försök endast slå upp värdnamn som IPv4-adresser."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: Försök slå upp IPv6-adresser, om det misslyckas, prova IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: Försök endast slå upp värdnamn som IPv6-adresser."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr "Standard: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_server_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
@@ -5155,7 +5164,7 @@ msgstr ""
 "DNS-server före den provar nästa DNS-server."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
@@ -5163,7 +5172,7 @@ msgstr ""
 "pingtidsgränsen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
@@ -5171,17 +5180,17 @@ msgstr ""
 "Se avsnittet <quote>RESERVER</quote> för mer information om tjänstevalet."
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr "Standard: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_op_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -5192,17 +5201,17 @@ msgstr ""
 "nästa värdnamn eller DNS-upptäckt."
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Standard: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -5214,12 +5223,12 @@ msgstr ""
 "nås kommer domänen fortsätta att fungera i frånkopplat läge."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_use_search_list (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -5230,7 +5239,7 @@ msgstr ""
 "med felaktigt konfigurerad DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -5241,17 +5250,17 @@ msgstr ""
 "DNS-uppslagningar i sådana miljöer."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "Standard: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -5260,17 +5269,17 @@ msgstr ""
 "fråga om tjänsteupptäckt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "Standard: använd domändelen av maskinens värdnamn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 msgid "failover_primary_timeout (integer)"
 msgstr "failover_primary_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -5281,57 +5290,57 @@ msgstr ""
 "den försöker återansluta till primärservern."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr "Observera: minimivärdet är 31."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 msgid "Default: 31"
 msgstr "Standard: 31"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr "override_gid (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr "Ersätt det primära GID-värdet med det angivna."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr "Skiftlägeskänsligt. Detta värde är inte giltigt för AD-leverantörer."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr "Skiftlägesokänsligt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr "Preserving"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -5342,7 +5351,7 @@ msgstr ""
 "tjänster även protokollnamn) fortfarande skiftas ner i utdata."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
@@ -5351,7 +5360,7 @@ msgstr ""
 "du sätta det på både klienten och SSSD på servern."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -5360,17 +5369,17 @@ msgstr ""
 "värdena på alternativen är: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr "Standard: True (False för AD-leverantören)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -5381,47 +5390,47 @@ msgstr ""
 "följande alternativ ärvas:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr "ldap_search_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr "ldap_network_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr "ldap_opt_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 msgid "ldap_offline_timeout"
 msgstr "ldap_offline_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "ldap_enumeration_refresh_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr "ldap_enumeration_refresh_offset"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr "ldap_purge_cache_offset"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
@@ -5430,57 +5439,57 @@ msgstr ""
 "ldap_krb5_keytab sätts särskilt)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr "ldap_krb5_ticket_lifetime"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 msgid "ldap_enumeration_search_timeout"
 msgstr "ldap_enumeration_search_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 msgid "ldap_connection_expire_timeout"
 msgstr "ldap_connection_expire_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 msgid "ldap_connection_expire_offset"
 msgstr "ldap_connection_expire_offset"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr "ldap_connection_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr "auto_private_groups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr "case_sensitive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -5490,28 +5499,28 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 "Observera: detta alternativ fungerar endast med leverantörerna IPA och AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "platt (NetBIOS) namn på en underdomän."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -5526,36 +5535,36 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 "Värdet kan åsidosättas av alternativet <emphasis>override_homedir</emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Standard: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 "Diverse taggar lagrade av realmd-konfigurationstjänsten för denna domän."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr "cached_auth_timeout (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -5568,7 +5577,7 @@ msgstr ""
 "uppkopplad autentisering."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
@@ -5577,12 +5586,12 @@ msgstr ""
 "inte möjligt att ange olika värden för varje betrodd domän."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr "Specialvärdet 0 betyder att denna funktion är avaktiverad."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -5593,12 +5602,12 @@ msgstr ""
 "<quote>initgroups.</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 msgid "local_auth_policy (string)"
 msgstr "local_auth_policy (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -5617,7 +5626,7 @@ msgstr ""
 "vilka utvärderas och kontrolleras lokalt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -5637,7 +5646,7 @@ msgstr ""
 "quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -5648,42 +5657,42 @@ msgstr ""
 "med standard local_auth_policy: <quote>match</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 msgid "local_auth_policy = match (default)"
 msgstr "local_auth_policy = match (standard)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr "Lösennyckel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr "Smartkort"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr "IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr "AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr "avaktiverad"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr "LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -5696,7 +5705,7 @@ msgstr ""
 "vara en PIN-prompt istället för t.ex. en lösenordsprompt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -5712,7 +5721,7 @@ msgstr ""
 "local_auth_policy = only\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -5723,7 +5732,7 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
@@ -5733,22 +5742,22 @@ msgstr ""
 "standard."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 msgid "Default: match"
 msgstr "Standard: match"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr "auto_private_groups (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr "true"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
@@ -5757,7 +5766,7 @@ msgstr ""
 "GID-numret ignoreras i detta läge."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -5770,12 +5779,12 @@ msgstr ""
 "framtvingar unika nummer över hela ID-rymden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr "false"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
@@ -5784,12 +5793,12 @@ msgstr ""
 "ett gruppobjekt i LDAP-databasen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr "hybrid"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -5804,7 +5813,7 @@ msgstr ""
 "upp till det gruppobjektet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
@@ -5813,7 +5822,7 @@ msgstr ""
 "kan GID:t helt enkelt inte slås upp."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -5824,7 +5833,7 @@ msgstr ""
 "befintliga användarnas privata grupper."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -5833,7 +5842,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
@@ -5843,7 +5852,7 @@ msgstr ""
 "översättning."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -5853,7 +5862,7 @@ msgstr ""
 "auto_private_groups = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -5865,7 +5874,7 @@ msgstr ""
 "auto_private_groups = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -5879,7 +5888,7 @@ msgstr ""
 "id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -5890,17 +5899,17 @@ msgstr ""
 "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr "Proxymålet PAM är en proxy för."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -5911,12 +5920,12 @@ msgstr ""
 "man aktivera lokal autentisering med alternativet local_auth_policy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -5927,12 +5936,12 @@ msgstr ""
 "exempel _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr "proxy_resolver_lib_name (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -5943,12 +5952,12 @@ msgstr ""
 "_nss_$(libName)_$(function), till exempel _nss_dns_gethostbyname2_r."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -5961,12 +5970,12 @@ msgstr ""
 "SSSD att utföra ID-uppslagningen från cachen av prestandaskäl."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr "proxy_max_children (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -5978,7 +5987,7 @@ msgstr ""
 "begäranden skulle köas upp."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -5987,12 +5996,12 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr "Programdomäner"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -6021,7 +6030,7 @@ msgstr ""
 "traditionell SSSD-domän."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -6032,17 +6041,17 @@ msgstr ""
 "programdomänen och dess POSIX-syskondomän sätts korrekt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr "Programdomänparametrar"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr "inherit_from (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -6055,7 +6064,7 @@ msgstr ""
 "quote>domänens inställningar."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -6070,7 +6079,7 @@ msgstr ""
 "attributet telefon nåbart via D-Bus-gränssnittet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -6104,12 +6113,12 @@ msgstr ""
 "ldap_user_extra_attrs = telefon:telephoneNumber\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr "SEKTIONEN BETRODDA DOMÄNER"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -6126,57 +6135,57 @@ msgstr ""
 "alternativ i sektionen för betrodda domäner är:"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr "ldap_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr "ldap_user_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr "ldap_group_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr "ldap_netgroup_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr "ldap_service_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr "ldap_sasl_mech,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr "ad_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr "ad_backup_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr "ad_site,"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr "use_fully_qualified_names"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
@@ -6185,12 +6194,12 @@ msgstr ""
 "manualsidan."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr "CERTIFIKATSMAPPNINGSSEKTION"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -6212,7 +6221,7 @@ msgstr ""
 "fallet när lokala tjänster använder PAM för autentisering."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -6224,7 +6233,7 @@ msgstr ""
 "detaljer)."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -6237,12 +6246,12 @@ msgstr ""
 "replaceable>]</quote>.  I denna sektion är följande alternativ tillåtna:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr "matchrule (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
@@ -6251,7 +6260,7 @@ msgstr ""
 "alla andra ignoreras."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
@@ -6260,17 +6269,17 @@ msgstr ""
 "Extended Key Usage <quote>clientAuth</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr "maprule (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr "Definierar hur användaren hittas för ett givet certifikat."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
@@ -6279,7 +6288,7 @@ msgstr ""
 "<quote>ldap</quote>, <quote>AD</quote> eller <quote>ipa</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -6287,12 +6296,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr "domains (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -6305,17 +6314,17 @@ msgstr ""
 "lägga till regeln till underdomäner också."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr "Standard: den konfigurerade domänen i sssd.conf"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr "priority (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -6326,12 +6335,12 @@ msgstr ""
 "prioriteten medan <quote>4294967295</quote> är den lägsta."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr "Standard: den lägsta prioriteten"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
@@ -6341,7 +6350,7 @@ msgstr ""
 "speciella egenskaper:"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
@@ -6350,7 +6359,7 @@ msgstr ""
 "användaren"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -6363,17 +6372,17 @@ msgstr ""
 "short_name})</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr "alternativet <quote>domains</quote> ignoreras"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr "SEKTIONEN FÖR FRÅGEKONFIGURATION"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -6388,7 +6397,7 @@ msgstr ""
 "tillämpliga kreditiv."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -6401,22 +6410,22 @@ msgstr ""
 "användarfall. Följande alternativ bör ge en bättre flexibilitet här."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr "[prompting/password]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr "password_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr "för att ändra strängen i lösenordsfrågan"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -6425,37 +6434,37 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr "[prompting/2fa]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr "first_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr "för att ändra strängen som frågar efter den första faktorn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr "second_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr "för att ändra strängen som frågar efter den andra faktorn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr "single_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -6468,7 +6477,7 @@ msgstr ""
 "faktorn är frivillig."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -6481,7 +6490,7 @@ msgstr ""
 "med lösenordet eller med båda faktorerna måste tvåstegsförfrågan användas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -6492,17 +6501,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr "[prompting/passkey]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr "interactive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -6513,22 +6522,22 @@ msgstr ""
 "utlösare."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr "interactive_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr "för att ändra meddelandet i den interaktiva frågan."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr "touch"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
@@ -6537,17 +6546,17 @@ msgstr ""
 "enheten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr "touch_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr "för att ändra meddelandet i begäran om beröring."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -6556,7 +6565,7 @@ msgstr ""
 "alternativen: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -6569,7 +6578,7 @@ msgstr ""
 "> <placeholder type=\"variablelist\" id=\"2\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -6580,12 +6589,12 @@ msgstr ""
 "enskilt för denna tjänst."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr "EXEMPEL"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -6637,7 +6646,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -6649,7 +6658,7 @@ msgstr ""
 "domäner för fler detaljer. <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -6659,7 +6668,7 @@ msgstr ""
 "use_fully_qualified_names = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -6675,7 +6684,7 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -6691,7 +6700,7 @@ msgstr ""
 "priority = 10\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -7400,7 +7409,7 @@ msgstr ""
 "<emphasis>ldap_connection_expire_offset</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr "Standard: 900 (15 minuter)"
 
@@ -7502,12 +7511,22 @@ msgstr "Avaktivera Active Directory intervallhämtning."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
-msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+#, fuzzy
+#| msgid ""
+#| "Active Directory limits the number of members to be retrieved in a single "
+#| "lookup using the MaxValRange policy (which defaults to 1500 members). If "
+#| "a group contains more members, the reply would include an AD-specific "
+#| "range extension. This option disables parsing of the range extension, "
+#| "therefore large groups will appear as having no members."
+msgid ""
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 "Active Directory begränsar antalet medlemmar som kan hämtas i en enskild "
 "uppslagning med policyn MaxValRange (vilket som standard är 1500 medlemmar). "
@@ -7517,12 +7536,12 @@ msgstr ""
 "medlemmar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -7533,17 +7552,17 @@ msgstr ""
 "detta alternativ är definierat av OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr "Standard: använd systemstandard (vanligen angivet i ldap.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr "ldap_sasl_maxssf (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -7554,12 +7573,12 @@ msgstr ""
 "detta alternativ är definierat av OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -7570,7 +7589,7 @@ msgstr ""
 "individuellt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -7587,7 +7606,7 @@ msgstr ""
 "rootDSE-objektet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -7600,7 +7619,7 @@ msgstr ""
 "OpenLDAP och Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -7611,12 +7630,12 @@ msgstr ""
 "oavsett denna inställning."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr "ldap_ignore_unreadable_references (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -7627,7 +7646,7 @@ msgstr ""
 "misslyckas istället för att den oläsbara posten bara ignoreras."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -7638,12 +7657,12 @@ msgstr ""
 "en viss post eller ett visst LDAP-underträd av säkerhetsskäl."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -7652,7 +7671,7 @@ msgstr ""
 "några. Det kan anges som ett av följande värden:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -7661,7 +7680,7 @@ msgstr ""
 "några servercertifikat."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7672,7 +7691,7 @@ msgstr ""
 "tillhandahålls kommer det ignoreras och sessionen fortsätta normalt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7683,7 +7702,7 @@ msgstr ""
 "tillhandahålls avslutas sessionen omedelbart."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -7694,22 +7713,22 @@ msgstr ""
 "sessionen omedelbart."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = Samma som <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr "Standard: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -7718,7 +7737,7 @@ msgstr ""
 "<command>sssd</command> kommer godkänna."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -7727,12 +7746,12 @@ msgstr ""
 "openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 #, fuzzy
 #| msgid ""
 #| "Specifies the path of a directory that contains Certificate Authority "
@@ -7754,32 +7773,32 @@ msgstr ""
 "namnen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr "Anger filen som innehåller certifikatet för klientens nyckel."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr "Anger filen som innehåller klientens nyckel."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -7790,12 +7809,12 @@ msgstr ""
 "manvolnum></citerefentry> för formatet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -7806,12 +7825,12 @@ msgstr ""
 "emphasis> rekommenderas starkt av säkerhetsskäl."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -7822,18 +7841,18 @@ msgstr ""
 "förlita sig på ldap_user_uid_number och ldap_group_gid_number."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "För närvarande stödjer denna funktion endast ActiveDirectory objectSID."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr "ldap_min_id, ldap_max_id (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -7851,17 +7870,17 @@ msgstr ""
 "Underdomäner kan sedan välja andra intervall för att översätta ID:n."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr "Standard: inte satt (båda alternativen är satta till 0)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
@@ -7870,7 +7889,7 @@ msgstr ""
 "GSSAPI och GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -7886,12 +7905,12 @@ msgstr ""
 "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -7911,7 +7930,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -7931,17 +7950,17 @@ msgstr ""
 "keytab."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr "Standard: host/värdnamn@RIKE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -7952,17 +7971,17 @@ msgstr ""
 "ignoreras detta alternativ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr "Standard: värdet på krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -7971,34 +7990,34 @@ msgstr ""
 "att ta fram värdnamnets kanoniska form under en SASL-bindning."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "Standard: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 "Ange den keytab som skall användas vid användning av SASL/GSSAPI/GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Standard: Systemets keytab, normalt <filename>/etc/krb5.keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -8009,29 +8028,29 @@ msgstr ""
 "eller GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 "Anger livslängden i sekunder på TGT:n om GSSAPI eller GSS-SPNEGO används."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "Standard: 86400 (24 timmar)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -8049,7 +8068,7 @@ msgstr ""
 "mer information, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -8060,7 +8079,7 @@ msgstr ""
 "hittas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -8072,27 +8091,27 @@ msgstr ""
 "quote> istället."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr "Ange Kerberos-RIKE (för SASL/GSSAPI/GSS-SPNEGO aut)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr "Standard: Systemstandard, se <filename>/etc/krb5.conf</filename>"
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -8101,12 +8120,12 @@ msgstr ""
 "servern. Denna funktion är tillgänglig med MIT Kerberos ≥ 1.7"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -8121,7 +8140,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -8132,12 +8151,12 @@ msgstr ""
 "om lokaliseringsinsticksmodulen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -8146,7 +8165,7 @@ msgstr ""
 "värden är tillåtna:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -8155,7 +8174,7 @@ msgstr ""
 "alternativ kan inte avaktivera lösenordspolicyer på serversidan."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -8168,7 +8187,7 @@ msgstr ""
 "även alternativet ”ldap_chpass_update_last_change”."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -8179,7 +8198,7 @@ msgstr ""
 "chpass_provider=krb5 för att uppdatera dessa attribut när lösenordet ändras."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
@@ -8188,17 +8207,17 @@ msgstr ""
 "kommer den alltid gå före framför policyn som sätts med detta alternativ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr "Anger huruvida automatisk uppföljning av referenser skall aktiveras."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -8207,7 +8226,7 @@ msgstr ""
 "kompilerad med OpenLDAP version 2.4.13 eller senare."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -8228,28 +8247,28 @@ msgstr ""
 "data vara tillgängliga."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Anger tjänstenamnet som skall användas när tjänsteupptäckt är aktiverat."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr "Standard: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -8258,17 +8277,17 @@ msgstr ""
 "lösenordsändringar när tjänsteupptäckt är aktiverat."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "Standard: inte satt, d.v.s. tjänsteupptäckt är avaktiverat"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -8277,7 +8296,7 @@ msgstr ""
 "dagar sedan epoken efter en ändring av lösenord."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -8290,12 +8309,12 @@ msgstr ""
 "SSSD måste uppdatera det."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -8323,12 +8342,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Exempel:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -8340,7 +8359,7 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
@@ -8349,7 +8368,7 @@ msgstr ""
 "användare vars attribut employeeType är satt till ”admin”."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -8362,17 +8381,17 @@ msgstr ""
 "fortsätta ges åtkomst under frånkoppling, och vice versa."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr "Standard: Empty"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -8381,7 +8400,7 @@ msgstr ""
 "åtkomststyrningsattribut aktiveras."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -8392,12 +8411,12 @@ msgstr ""
 "felkod även om lösenordet är korrekt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr "Följande värden är tillåtna:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -8406,7 +8425,7 @@ msgstr ""
 "att avgöra om kontot har gått ut."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -8419,7 +8438,7 @@ msgstr ""
 "kontrolleras också."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -8430,7 +8449,7 @@ msgstr ""
 "tillåts eller inte."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -8442,7 +8461,7 @@ msgstr ""
 "för att avgöra om åtkomst tillåts. Om båda attributen saknas tillåts åtkomst."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -8453,23 +8472,23 @@ msgstr ""
 "ldap_account_expire_policy skall fungera."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Kommaseparerad lista över åtkomststyrningsalternativ.  Tillåtna värden är:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: använd ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -8484,7 +8503,7 @@ msgstr ""
 "fungera."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
@@ -8494,7 +8513,7 @@ msgstr ""
 "emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -8515,12 +8534,12 @@ msgstr ""
 "måste vara satt för att denna funktion skall fungera."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -8535,7 +8554,7 @@ msgstr ""
 "exempel SSH-nycklar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
@@ -8544,17 +8563,17 @@ msgstr ""
 "lösenord gått ut:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr "pwd_expire_policy_reject — användaren nekas att logga in,"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr "pwd_expire_policy_warn — användaren kan fortfarande logga in,"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
@@ -8563,7 +8582,7 @@ msgstr ""
 "omedelbart."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 #, fuzzy
 #| msgid ""
 #| "Please note that 'access_provider = ldap' must be set for this feature to "
@@ -8579,7 +8598,7 @@ msgstr ""
 "lämplig lösenordspolicy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -8588,13 +8607,13 @@ msgstr ""
 "för att avgöra åtkomst"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: använd attributet host för att avgöra åtkomst"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
@@ -8603,7 +8622,7 @@ msgstr ""
 "fjärrvärdar kan få åtkomst"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
@@ -8613,12 +8632,12 @@ msgstr ""
 "åtkomstkontroll aktiveras"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "Standard: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -8627,12 +8646,12 @@ msgstr ""
 "gång."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr "ldap_pwdlockout_dn (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -8645,22 +8664,22 @@ msgstr ""
 "LDAP-servern inte kan kontrolleras ordentligt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr "Exempel: cn=ppolicy,ou=policies,dc=example,dc=com"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr "Standard: cn=ppolicy,ou=policies,$ldap_search_base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -8669,12 +8688,12 @@ msgstr ""
 "alternativ är tillåtna:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr "<emphasis>never</emphasis>: Alias är aldrig derefererade."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -8683,7 +8702,7 @@ msgstr ""
 "basobjektet, men inte vid lokalisering av basobjektet för sökningen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -8692,7 +8711,7 @@ msgstr ""
 "basobjektet för sökningen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -8701,7 +8720,7 @@ msgstr ""
 "lokalisering av basobjektet för sökningen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -8710,12 +8729,12 @@ msgstr ""
 "klientbiblioteken)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -8724,7 +8743,7 @@ msgstr ""
 "servrar som använder schemat RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -8741,7 +8760,7 @@ msgstr ""
 "via anrop av getpw*() eller initgroups()."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -8752,12 +8771,12 @@ msgstr ""
 "de lokala användarna med de extra LDAP-grupperna."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr "wildcard_limit (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
@@ -8766,23 +8785,23 @@ msgstr ""
 "jokertecken."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 "För närvarande stödjer endast respondenten InfoPipe jokeruppslagningar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr "Standard: 1000 (ofta storleken på en sida)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr "ldap_library_debug_level (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
@@ -8791,7 +8810,7 @@ msgstr ""
 "kommer skrivas oberoende av den allmänna debug_level."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
@@ -8800,17 +8819,17 @@ msgstr ""
 "komponenter, -1 kommer aktivera fullständig felsökningsutmatning."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr "Standard: 0 (libldap-felsökning avaktiverat)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "ldap_use_ppolicy (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -8821,14 +8840,14 @@ msgstr ""
 "vilka skickar tillbaka felaktiga ppolicy-utökningar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_deref_threshold (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_deref_threshold (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -8859,12 +8878,12 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr "SUDOALTERNATIV"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -8875,12 +8894,12 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -8890,7 +8909,7 @@ msgstr ""
 "servern)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -8899,7 +8918,7 @@ msgstr ""
 "emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
@@ -8908,17 +8927,17 @@ msgstr ""
 "0. Dock måste antingen smart eller fullständig uppdatering aktiveras."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr "Standard: 21600 (6 timmar)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -8929,7 +8948,7 @@ msgstr ""
 "USN-värde som för närvarande är känt av SSSD)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -8938,7 +8957,7 @@ msgstr ""
 "istället."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -8954,7 +8973,7 @@ msgstr ""
 "<emphasis>ldap_connection_expire_timeout</emphasis>)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
@@ -8963,12 +8982,12 @@ msgstr ""
 "Dock måste antingen smart eller fullständig uppdatering aktiveras."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_sudo_random_offset (heltal)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -8979,7 +8998,7 @@ msgstr ""
 "schemaläggs. Värdet är i sekunder."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -8990,17 +9009,17 @@ msgstr ""
 "tiden under vilken sudo-reglerna inte är tillgängliga för användning."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr "Man kan avaktivera denna fördröjning genom att sätta värdet till 0."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -9009,12 +9028,12 @@ msgstr ""
 "(genom användning av IPv4- och IPv6-värd-/-nätverksadresser och värdnamn)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -9023,7 +9042,7 @@ msgstr ""
 "domännamn som skall användas för att filtrera reglerna."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -9032,8 +9051,8 @@ msgstr ""
 "fullständigt kvalificerade domännamnet automatiskt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -9042,17 +9061,17 @@ msgstr ""
 "emphasis> har detta alternativ ingen effekt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr "Standard: inte angivet"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -9061,7 +9080,7 @@ msgstr ""
 "skall användas för att filtrera reglerna."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -9070,12 +9089,12 @@ msgstr ""
 "automatiskt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -9084,12 +9103,12 @@ msgstr ""
 "attributet sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -9098,7 +9117,7 @@ msgstr ""
 "attributet sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
@@ -9107,7 +9126,7 @@ msgstr ""
 "LDAP-serversidan!"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -9120,12 +9139,12 @@ msgstr ""
 "manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr "AUTOFSALTERNATIV"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
@@ -9133,47 +9152,47 @@ msgstr ""
 "Några av standardvärdena för parametrar nedan är beroende på LDAP-schemat."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr "Namnet på automount master-kartan i LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr "Standard: auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "AVANCERADE ALTERNATIV"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -9186,22 +9205,22 @@ msgstr ""
 "avaktivera denna funktion om gruppnamn inte visas korrekt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr "</note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (sträng)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -9214,14 +9233,14 @@ msgstr ""
 "type=\"variablelist\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "EXEMPEL"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -9231,7 +9250,7 @@ msgstr ""
 "till en av domänerna i avsnittet <replaceable>[domains]</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -9251,7 +9270,7 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -9259,12 +9278,12 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr "LDAP-ÅTKOMSTFILTEREXEMPEL"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
@@ -9273,7 +9292,7 @@ msgstr ""
 "ldap_access_order=lockout används."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -9299,13 +9318,13 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTER"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -9379,7 +9398,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "FLAGGOR"
 
@@ -15527,7 +15546,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr "SLUTSTATUS"
@@ -15683,7 +15702,7 @@ msgstr "Lösenordet att fördunkla kommer läsas från standard in."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -17880,8 +17899,13 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> för mer detaljer om "
 "detta alternativ."
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -17889,14 +17913,14 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-H</option>,<option>--ssh-hosts</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-H</option>,<option>--ssh-hosts</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -17904,12 +17928,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -17923,7 +17947,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -17931,7 +17955,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -17940,10 +17964,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
+#, fuzzy
+#| msgid ""
+#| "In case of successful execution, even if no key was found, 0 is returned. "
+#| "1 is returned in case of error."
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 "Om det lyckas köra, även om inga nycklar hittades, returneras 0. 1 "
 "returneras om något går fel."
diff --git a/src/man/po/tg.po b/src/man/po/tg.po
index de138aff06..6d269b4661 100644
--- a/src/man/po/tg.po
+++ b/src/man/po/tg.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2014-12-15 12:10-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
@@ -210,10 +210,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -232,10 +232,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -269,8 +269,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -300,8 +300,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Пешфарз: 10"
 
@@ -368,7 +368,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr ""
 
@@ -388,12 +388,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -401,39 +401,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -590,8 +590,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -862,7 +862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -893,25 +893,34 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -919,7 +928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -938,12 +947,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -952,22 +961,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -977,17 +986,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -997,19 +1006,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 5400"
 msgid "Default: 60, KCM: 300"
 msgstr "Пешфарз: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1020,14 +1029,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1035,44 +1044,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1081,62 +1090,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 3600"
 msgstr "Пешфарз: 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 30"
 msgstr "Пешфарз: 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1148,58 +1157,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "Пешфарз: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1207,7 +1216,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1217,7 +1226,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1226,17 +1235,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "Пешфарз: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1244,17 +1253,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Пешфарз: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1262,17 +1271,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1281,7 +1290,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1290,41 +1299,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "Пешфарз: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1332,23 +1341,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1356,47 +1365,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1404,113 +1413,113 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "Пешфарз: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1518,25 +1527,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1544,19 +1553,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "Пешфарз: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1564,12 +1573,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 msgid "memcache_size_sid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1578,12 +1587,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1594,45 +1603,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 #, fuzzy
 #| msgid "Default: true"
 msgid "Default: <quote>*</quote>"
 msgstr "Пешфарз: true"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1641,60 +1650,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "Пешфарз: 0 (Номаҳдуд)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1702,59 +1711,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "Пешфарз: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Пешфарз: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1763,51 +1772,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1818,23 +1827,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1842,7 +1851,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1851,17 +1860,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1869,32 +1878,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Пешфарз: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1904,75 +1913,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1980,19 +1989,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2000,46 +2009,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2047,34 +2056,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2084,7 +2093,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2092,59 +2101,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 msgid "passkey_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2152,7 +2161,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2164,63 +2173,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2228,12 +2237,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2244,7 +2253,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2252,7 +2261,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2260,7 +2269,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2269,47 +2278,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2318,30 +2327,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2349,7 +2358,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2357,22 +2366,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2380,19 +2389,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2400,7 +2409,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2415,7 +2424,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2423,45 +2432,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2469,7 +2478,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2477,17 +2486,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2498,24 +2507,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2525,22 +2534,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2548,51 +2557,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2601,12 +2610,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2616,7 +2625,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2624,7 +2633,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2633,38 +2642,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2675,7 +2684,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2686,24 +2695,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2711,19 +2720,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2732,7 +2741,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2741,24 +2750,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2769,24 +2778,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2794,24 +2803,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2823,7 +2832,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2834,60 +2843,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2897,66 +2906,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2964,17 +2973,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2982,7 +2991,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -2991,57 +3000,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3051,12 +3060,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3065,14 +3074,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3081,38 +3090,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3121,24 +3130,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3147,36 +3156,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "Пешфарз: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3190,14 +3199,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3206,14 +3215,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3221,32 +3230,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3255,19 +3264,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3278,139 +3287,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "Пешфарз: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3419,17 +3428,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3441,18 +3450,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3463,7 +3472,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3472,12 +3481,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3485,19 +3494,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3506,17 +3515,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "Пешфарз: 0 (номаҳдуд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3525,28 +3534,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3554,7 +3563,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3562,8 +3571,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3571,8 +3580,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3580,19 +3589,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3601,7 +3610,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3609,24 +3618,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3638,7 +3647,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3646,30 +3655,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3677,7 +3686,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3685,30 +3694,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3716,19 +3725,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3737,7 +3746,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3745,29 +3754,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3775,7 +3784,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3783,35 +3792,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3819,32 +3828,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3855,7 +3864,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3864,12 +3873,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3877,7 +3886,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3885,31 +3894,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3917,7 +3926,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3926,17 +3935,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3944,36 +3953,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3981,7 +3990,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3989,7 +3998,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3997,24 +4006,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4022,31 +4031,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4054,7 +4063,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4063,12 +4072,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4078,24 +4087,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4104,19 +4113,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4126,89 +4135,89 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4216,17 +4225,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Пешфарз: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4235,12 +4244,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 msgid "dns_resolver_use_search_list (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4248,7 +4257,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4256,34 +4265,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "Пешфарз: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 msgid "failover_primary_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4291,59 +4300,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "Пешфарз: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4351,31 +4360,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4383,104 +4392,104 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 msgid "ldap_offline_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 msgid "ldap_enumeration_refresh_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 msgid "ldap_enumeration_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 msgid "ldap_connection_expire_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 msgid "ldap_connection_expire_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4488,27 +4497,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4518,34 +4527,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4554,19 +4563,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4574,12 +4583,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 msgid "local_auth_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4591,7 +4600,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4603,7 +4612,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4611,42 +4620,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 msgid "local_auth_policy = match (default)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4655,7 +4664,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4666,7 +4675,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4674,38 +4683,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: match"
 msgstr "Пешфарз: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4714,24 +4723,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4741,14 +4750,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4756,21 +4765,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4778,7 +4787,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4787,7 +4796,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4796,7 +4805,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4804,17 +4813,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4822,12 +4831,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4835,12 +4844,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4848,12 +4857,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4862,12 +4871,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4875,19 +4884,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4904,7 +4913,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4912,17 +4921,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4931,7 +4940,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4941,7 +4950,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4961,12 +4970,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4977,69 +4986,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5052,7 +5061,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5060,7 +5069,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5069,43 +5078,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5113,12 +5122,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5127,17 +5136,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5145,26 +5154,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5173,17 +5182,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5193,7 +5202,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5202,59 +5211,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5263,7 +5272,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5272,7 +5281,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5283,17 +5292,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5301,46 +5310,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5349,7 +5358,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5357,12 +5366,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5391,7 +5400,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5400,7 +5409,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5408,7 +5417,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5419,7 +5428,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5430,7 +5439,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6013,7 +6022,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6100,20 +6109,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6121,17 +6133,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6139,12 +6151,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6152,7 +6164,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6163,7 +6175,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6172,7 +6184,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6180,12 +6192,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6193,7 +6205,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6201,26 +6213,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6228,7 +6240,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6236,7 +6248,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6244,41 +6256,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6288,32 +6300,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6321,12 +6333,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6334,12 +6346,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6347,17 +6359,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6368,24 +6380,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6396,12 +6408,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6414,7 +6426,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6426,17 +6438,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6444,49 +6456,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "Пешфарз: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6494,28 +6506,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6527,7 +6539,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6535,7 +6547,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6543,39 +6555,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6585,7 +6597,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6593,26 +6605,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6621,7 +6633,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6629,31 +6641,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6666,51 +6678,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6719,12 +6731,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6740,12 +6752,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Намуна:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6754,14 +6766,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6770,24 +6782,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6795,19 +6807,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6816,7 +6828,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6824,7 +6836,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6833,7 +6845,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6841,22 +6853,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6866,14 +6878,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6886,12 +6898,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6901,31 +6913,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -6933,50 +6945,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -6985,74 +6997,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7063,7 +7075,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7071,58 +7083,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7130,12 +7142,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7158,12 +7170,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7171,43 +7183,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7215,14 +7227,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7232,19 +7244,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7252,7 +7264,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7260,106 +7272,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7368,59 +7380,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7429,22 +7441,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7453,14 +7465,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "НАМУНА"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7468,7 +7480,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7481,7 +7493,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7489,19 +7501,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7517,13 +7529,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ЭЗОҲҲО"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7578,7 +7590,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "ИМКОНОТҲО"
 
@@ -12437,7 +12449,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12569,7 +12581,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14313,19 +14325,24 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14333,12 +14350,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14352,7 +14369,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14360,7 +14377,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14369,10 +14386,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 08642c84c7..4af8fdcffa 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -15,7 +15,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2024-06-27 05:36+0000\n"
 "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
 "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/"
@@ -270,10 +270,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -295,10 +295,10 @@ msgstr ""
 "journald, цей параметр буде проігноровано."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -340,8 +340,8 @@ msgstr ""
 "встановлення цього значення не впливає на інші типи журналювання)."
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -375,8 +375,8 @@ msgstr ""
 "самостійно."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr "Типове значення: 10"
 
@@ -469,7 +469,7 @@ msgstr ""
 "використовувати символ «/»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr "re_expression (рядок)"
 
@@ -495,12 +495,12 @@ msgstr ""
 "ДОМЕНІВ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr "full_name_format (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -512,32 +512,32 @@ msgstr ""
 "домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr "ім’я користувача"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -546,7 +546,7 @@ msgstr ""
 "Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -754,8 +754,8 @@ msgstr ""
 "default_domain_suffix.</phrase>"
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -1099,7 +1099,7 @@ msgstr ""
 "різних доменах можуть бути однаковими."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr "Типове значення: не встановлено"
@@ -1138,18 +1138,27 @@ msgstr ""
 "тексту. Див. сторінку підручника щодо prctl:PR_SET_DUMPABLE, щоб дізнатися "
 "більше."
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr "passkey_verification (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr "user_verification (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
@@ -1158,7 +1167,7 @@ msgstr ""
 "розпізнавання. Якщо увімкнено, програма завжди надсилатиме запит щодо PIN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -1169,7 +1178,7 @@ msgstr ""
 "перезаписано сервером."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -1196,12 +1205,12 @@ msgstr ""
 "профілів.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "РОЗДІЛИ СЛУЖБ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -1214,22 +1223,22 @@ msgstr ""
 "у розділі <quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "Загальні параметри налаштування служб"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1245,17 +1254,17 @@ msgstr ""
 "цього параметра і обмеженням \"hard\" у limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1271,17 +1280,17 @@ msgstr ""
 "до 10 секунд."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 msgid "Default: 60, KCM: 300"
 msgstr "Типове значення: 60, KCM: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1299,7 +1308,7 @@ msgstr ""
 "із мережею нове значення обчислюється за такою формулою:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
@@ -1308,7 +1317,7 @@ msgstr ""
 "offline_timeout_random_offset]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1319,7 +1328,7 @@ msgstr ""
 "є 30. Кінцевий результат є кількістю секунд до наступної повторної спроби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
@@ -1328,18 +1337,18 @@ msgstr ""
 "offline_timeout_max (окрім випадкової частини)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr "Типове значення: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr "offline_timeout_max (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
@@ -1348,12 +1357,12 @@ msgstr ""
 "з'єднання із мережею після неуспішних спроби відновити з'єднання."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr "Значення 0 вимикає збільшення проміжку часу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
@@ -1362,7 +1371,7 @@ msgstr ""
 "параметра offline_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1376,7 +1385,7 @@ msgstr ""
 "offline_timeout_max, яке є принаймні учетверо більшим за offline_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
@@ -1385,17 +1394,17 @@ msgstr ""
 "стане перевизначення значення offline_timeout, тому не варто цього робити."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 msgid "Default: 3600"
 msgstr "Типове значення: 3600"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr "offline_timeout_random_offset (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
@@ -1404,7 +1413,7 @@ msgstr ""
 "обробників із вказаними інтервалами часу:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
@@ -1414,27 +1423,27 @@ msgstr ""
 "числом у такому діапазоні:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr "[0 - offline_timeout_random_offset]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr "Значення 0 призводить до вимикання додавання випадкового зсуву."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 msgid "Default: 30"
 msgstr "Типове значення: 30"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr "responder_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1453,18 +1462,18 @@ msgstr ""
 "і якщо служби активуються за допомогою або сокетів або D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr "Типове значення: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr "cache_first"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
@@ -1473,12 +1482,12 @@ msgstr ""
 "запису до модулів засобів надання даних."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr "Параметри налаштування NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1486,12 +1495,12 @@ msgstr ""
 "Switch (NSS або перемикання служби визначення назв)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1500,17 +1509,17 @@ msgstr ""
 "кеші nss_sss у секундах"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr "Типове значення: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1521,7 +1530,7 @@ msgstr ""
 "entry_cache_timeout для домену період часу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1536,7 +1545,7 @@ msgstr ""
 "розблокування після оновлення кешу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1550,17 +1559,17 @@ msgstr ""
 "можливість."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr "Типове значення: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1571,17 +1580,17 @@ msgstr ""
 "даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr "Типове значення: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr "local_negative_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1593,17 +1602,17 @@ msgstr ""
 "цю можливість."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr "Типове значення: 14400 (4 години)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1618,7 +1627,7 @@ msgstr ""
 "реєстраційного запису користувача (UPN)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1632,17 +1641,17 @@ msgstr ""
 "відфільтрованої групи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr "Типове значення: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1650,12 +1659,12 @@ msgstr ""
 "встановіть для цього параметра значення «false»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1664,7 +1673,7 @@ msgstr ""
 "каталог не вказано явним чином засобом надання даних домену."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1672,7 +1681,7 @@ msgstr ""
 "для параметра override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1682,25 +1691,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Типове значення: не встановлено (без замін для невстановлених домашніх "
 "каталогів)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr "override_shell (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1712,19 +1721,19 @@ msgstr ""
 "або для кожного з доменів окремо."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Типове значення: не встановлено (SSSD використовуватиме значення, отримане "
 "від LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1732,13 +1741,13 @@ msgstr ""
 "визначення оболонки є таким:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1748,7 +1757,7 @@ msgstr ""
 "shell_fallback."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1757,14 +1766,14 @@ msgstr ""
 "<quote>/etc/shells</quote>, буде використано оболонку nologin."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 "Для визначення будь-якої командної оболонки можна скористатися шаблоном "
 "заміни (*)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1776,12 +1785,12 @@ msgstr ""
 "справою."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "Порожній рядок оболонки буде передано без обробки до libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1790,29 +1799,29 @@ msgstr ""
 "тобто у разі встановлення нової оболонки слід перезапустити SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Типове значення: не встановлено. Автоматично використовується оболонка "
 "користувача."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "Замінити всі записи цих оболонок на shell_fallback"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1820,17 +1829,17 @@ msgstr ""
 "системі не встановлено."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr "Типове значення: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1840,7 +1849,7 @@ msgstr ""
 "або на загальному рівні у розділі [nss], або окремо для кожного з доменів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1850,12 +1859,12 @@ msgstr ""
 "зазвичай /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1864,12 +1873,12 @@ msgstr ""
 "чинним."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr "memcache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
@@ -1879,7 +1888,7 @@ msgstr ""
 "пам'яті."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
@@ -1888,8 +1897,8 @@ msgstr ""
 "варто користуватися лише для тестування."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
@@ -1899,12 +1908,12 @@ msgstr ""
 "пам’яті."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr "memcache_size_passwd (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1914,13 +1923,13 @@ msgstr ""
 "для запитів passwd. Встановлення розміру 0 вимкне кеш у пам'яті для passwd."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr "Типове значення: 8"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
@@ -1929,12 +1938,12 @@ msgstr ""
 "значно погіршити швидкодію SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr "memcache_size_group (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1944,19 +1953,19 @@ msgstr ""
 "для запитів group. Встановлення розміру 0 вимкне кеш у пам'яті для group."
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr "Типове значення: 6"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr "memcache_size_initgroups (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1967,12 +1976,12 @@ msgstr ""
 "initgroups."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 msgid "memcache_size_sid (integer)"
 msgstr "memcache_size_sid (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1985,12 +1994,12 @@ msgstr ""
 "0 вимкне кеш у пам'яті для SID."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr "user_attributes (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -2007,7 +2016,7 @@ msgstr ""
 "manvolnum> </citerefentry>, щоб дізнатися більше), але без типових значень."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
@@ -2016,19 +2025,19 @@ msgstr ""
 "на те, чи не встановлено його для відповідача NSS."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 "Типове значення: не встановлено, резервне значення визначається за "
 "параметром InfoPipe"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr "pwfield (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
@@ -2037,12 +2046,12 @@ msgstr ""
 "груп, для поля <quote>password</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 msgid "Default: <quote>*</quote>"
 msgstr "Типове значення: <quote>*</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
@@ -2052,7 +2061,7 @@ msgstr ""
 "розділі [nss]."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -2065,12 +2074,12 @@ msgstr ""
 "shadowutils)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr "Параметри налаштування PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -2079,12 +2088,12 @@ msgstr ""
 "Authentication Module (PAM або блокового модуля розпізнавання)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -2094,17 +2103,17 @@ msgstr ""
 "входу до системи)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr "Типове значення: 0 (без обмежень)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -2113,12 +2122,12 @@ msgstr ""
 "дозволену кількість спроб входу з визначенням помилкового пароля."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -2128,7 +2137,7 @@ msgstr ""
 "системи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -2140,17 +2149,17 @@ msgstr ""
 "увімкнути можливість автономного розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr "Типове значення: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -2159,43 +2168,43 @@ msgstr ""
 "розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr "У поточній версії sssd передбачено підтримку таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Типове значення: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr "pam_response_filter (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -2209,7 +2218,7 @@ msgstr ""
 "встановлювати за допомогою pam_sss."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
@@ -2219,37 +2228,37 @@ msgstr ""
 "повідомлень."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr "ENV"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr "Не надсилати жодних змінних середовища до жодної служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr "ENV:назва_змінної"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr "Не надсилати змінної середовища назва_змінної до жодної служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr "ENV:назва_змінної:служба"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr "Не надсилати змінної середовища назва_змінної до вказаної служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -2258,7 +2267,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -2276,23 +2285,23 @@ msgstr ""
 "Змішування стилів вважається помилкою."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr "Типове значення: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr "Приклад: -ENV:KRB5CCNAME:sudo-i вилучає фільтр зі списку типових"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -2303,7 +2312,7 @@ msgstr ""
 "що розпізнавання виконується на основі найсвіжіших даних."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -2317,18 +2326,18 @@ msgstr ""
 "надання даних профілів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 "Показати попередження за вказану кількість днів перед завершенням дії пароля."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2339,7 +2348,7 @@ msgstr ""
 "попередження."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -2349,7 +2358,7 @@ msgstr ""
 "буде автоматично показано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -2358,18 +2367,18 @@ msgstr ""
 "<emphasis>pwd_expiration_warning</emphasis> для окремого домену."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Типове значення: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -2385,13 +2394,13 @@ msgstr ""
 "під час запуску системи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 "Типове значення: типово усі користувачі вважаються надійними (довіреними)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
@@ -2400,12 +2409,12 @@ msgstr ""
 "відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
@@ -2414,12 +2423,12 @@ msgstr ""
 "отримувати навіть ненадійні користувачі."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr "Визначено два спеціальних значення параметра pam_public_domains:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
@@ -2427,7 +2436,7 @@ msgstr ""
 "PAM.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
@@ -2436,19 +2445,19 @@ msgstr ""
 "відповідачі.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr "Типове значення: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
@@ -2457,7 +2466,7 @@ msgstr ""
 "замінити типове повідомлення «Доступ заборонено» («Permission denied»)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
@@ -2467,7 +2476,7 @@ msgstr ""
 "(показувати усі повідомлення і діагностичні дані)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2477,12 +2486,12 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr "pam_account_locked_message (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
@@ -2491,7 +2500,7 @@ msgstr ""
 "типове повідомлення «Доступ заборонено» («Permission denied»)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2501,46 +2510,46 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr "pam_passkey_auth (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr "Увімкнути розпізнавання на основі пристрою ключа."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr "Типове значення: True"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr "passkey_debug_libfido2 (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr "Увімкнути діагностичні повідомлення бібліотеки libfido2."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr "Типове значення: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr "pam_cert_auth (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2551,22 +2560,22 @@ msgstr ""
 "розпізнавання, типово таку сертифікацію вимкнено."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr "pam_cert_db_path (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr "Шлях до бази даних сертифікатів."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr "Типове значення:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
@@ -2575,12 +2584,12 @@ msgstr ""
 "служб сертифікації у форматі PEM)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr "pam_cert_verification (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2595,7 +2604,7 @@ msgstr ""
 "<quote>certificate_verification</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2605,7 +2614,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
@@ -2615,24 +2624,24 @@ msgstr ""
 "<quote>[sssd]</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr "p11_child_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 "Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи "
 "p11_child."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 msgid "passkey_child_timeout (integer)"
 msgstr "passkey_child_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
@@ -2640,12 +2649,12 @@ msgstr ""
 "роботи passkey_child."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr "pam_app_services (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
@@ -2654,12 +2663,12 @@ msgstr ""
 "типу <quote>application</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr "pam_p11_allowed_services (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
@@ -2668,7 +2677,7 @@ msgstr ""
 "використання смарткарток."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2678,7 +2687,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2697,64 +2706,64 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 "Типове значення: типовий набір назв служб PAM складається з таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr "login"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr "su"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr "su-l"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr "gdm-smartcard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr "gdm-password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr "kdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr "sudo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr "sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr "gnome-screensaver"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr "p11_wait_for_card_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2765,12 +2774,12 @@ msgstr ""
 "має чекати на вставлення смарткартки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr "p11_uri (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2789,7 +2798,7 @@ msgstr ""
 "слід використовувати вказаний зчитувач."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2799,7 +2808,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2809,7 +2818,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2823,17 +2832,17 @@ msgstr ""
 "який покаже і адреси PKCS#11."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr "pam_initgroups_scheme"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr "always"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
@@ -2841,12 +2850,12 @@ msgstr ""
 "буде все одно застосовано"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr "no_session"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
@@ -2855,12 +2864,12 @@ msgstr ""
 "тобто якщо користувач не працює у системі"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr "never"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
@@ -2869,7 +2878,7 @@ msgstr ""
 "аж доки вони не застаріють"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2882,17 +2891,17 @@ msgstr ""
 "таких значень: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr "Типове значення: no_session"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr "pam_gssapi_services"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
@@ -2901,7 +2910,7 @@ msgstr ""
 "розпізнавання за GSSAPI за допомогою модуля pam_sss_gss.so."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
@@ -2909,7 +2918,7 @@ msgstr ""
 "значення <quote>-</quote> (дефіс)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2921,7 +2930,7 @@ msgstr ""
 "вищий пріоритет за значення у розділі домену."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2931,22 +2940,22 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr "Типове значення: - (розпізнавання за GSSAPI вимкнено)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr "pam_gssapi_check_upn"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2958,7 +2967,7 @@ msgstr ""
 "вважатиметься неуспішним, якщо перевірку не буде пройдено."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
@@ -2967,12 +2976,12 @@ msgstr ""
 "зможуть отримати бажаний квиток служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr "pam_gssapi_indicators_map"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2983,7 +2992,7 @@ msgstr ""
 "відокремлених комами індикаторів розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -3008,7 +3017,7 @@ msgstr ""
 "служби PAM є порожнім, перевірка не закриватиме доступ для жодного запису."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -3019,7 +3028,7 @@ msgstr ""
 "вимкнути перевірку для певної служби PAM, додайте <quote>служба:-</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
@@ -3028,7 +3037,7 @@ msgstr ""
 "індикаторів розпізнавання:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
@@ -3037,7 +3046,7 @@ msgstr ""
 "зберігаються у файлах або на смарткартках."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
@@ -3046,12 +3055,12 @@ msgstr ""
 "розпізнавання у обгортці каналу FAST."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr "radius — попереднє розпізнавання за допомогою сервера RADIUS."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
@@ -3060,14 +3069,14 @@ msgstr ""
 "розпізнавання (2FA або одноразовий пароль, OTP) в IPA."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 "idp — попереднє розпізнавання за допомогою зовнішнього надавача даних "
 "профілів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -3077,7 +3086,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -3089,19 +3098,19 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 "Типове значення: не встановлено (немає потреби у використанні індикаторів "
 "розпізнавання)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr "Параметри налаштування SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -3119,12 +3128,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -3133,12 +3142,12 @@ msgstr ""
 "призначені для визначення часових обмежень для записів sudoers."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr "sudo_threshold (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -3154,22 +3163,22 @@ msgstr ""
 "sudo IPA та групових пошуків команд."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr "Параметри налаштування AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr "Цими параметрами можна скористатися для налаштування служби autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -3180,22 +3189,22 @@ msgstr ""
 "базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr "Параметри налаштувань SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr "Цими параметрами можна скористатися для налаштування служби SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -3203,12 +3212,12 @@ msgstr ""
 "Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -3217,17 +3226,17 @@ msgstr ""
 "файлі known_hosts після надсилання запиту щодо ключів вузла."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr "Типове значення: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr "ssh_use_certificate_keys (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -3241,12 +3250,12 @@ msgstr ""
 "refentrytitle> <manvolnum>1</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr "ssh_use_certificate_matching_rules (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -3262,7 +3271,7 @@ msgstr ""
 "відокремлених комами. Усі інші правила буде проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -3274,7 +3283,7 @@ msgstr ""
 "сертифікатів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -3287,7 +3296,7 @@ msgstr ""
 "розпізнавання за сертифікатом."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
@@ -3297,7 +3306,7 @@ msgstr ""
 "проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
@@ -3306,12 +3315,12 @@ msgstr ""
 "використано усі знайдені правила або типове правило"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr "ca_db (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
@@ -3320,12 +3329,12 @@ msgstr ""
 "перевірки сертифікатів користувачів до отримання з них відкритих ключів ssh."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr "Параметри налаштування відповідача PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -3343,7 +3352,7 @@ msgstr ""
 "декодовано і визначено, виконуються деякі з таких дій:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -3361,7 +3370,7 @@ msgstr ""
 "параметра default_shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -3370,18 +3379,18 @@ msgstr ""
 "додано до цих груп."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Цими параметрами можна скористатися для налаштовування відповідача PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -3392,7 +3401,7 @@ msgstr ""
 "іменами користувачів визначатимуться під час запуску."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
@@ -3401,14 +3410,14 @@ msgstr ""
 "root і користувачі служб SSSD)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Типове значення: 0 (доступ до відповідача PAC має лише адміністративний "
 "користувач (root))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -3422,7 +3431,7 @@ msgstr ""
 "відповідні записи явно."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -3436,12 +3445,12 @@ msgstr ""
 "запис 0."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr "pac_lifetime (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
@@ -3450,12 +3459,12 @@ msgstr ""
 "використовувати для визначення членства користувача у групі."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr "pac_check (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -3472,12 +3481,12 @@ msgstr ""
 "krb5_validate встановлено значення «False», перевірки PAC буде пропущено."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr "no_check"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
@@ -3486,12 +3495,12 @@ msgstr ""
 "виконано не буде."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr "pac_present"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -3502,12 +3511,12 @@ msgstr ""
 "зазнає невдачі."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr "check_upn"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
@@ -3516,12 +3525,12 @@ msgstr ""
 "користувача (UPN)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr "check_upn_allow_missing"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -3541,7 +3550,7 @@ msgstr ""
 "потреби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -3558,23 +3567,23 @@ msgstr ""
 "призведе до пропускання перевірки, і повідомлення зникне з журналу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr "upn_dns_info_present"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 "PAC має містити буфер UPN-DNS-INFO; неявним чином встановлює «check_upn»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr "check_upn_dns_info_ex"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
@@ -3583,12 +3592,12 @@ msgstr ""
 "узгодженими дані у розширенні."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr "upn_dns_info_ex_present"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
@@ -3597,7 +3606,7 @@ msgstr ""
 "«check_upn_dns_info_ex», «upn_dns_info_present» і «check_upn»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -3606,7 +3615,7 @@ msgstr ""
 "відокремлених комами значень: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
@@ -3615,12 +3624,12 @@ msgstr ""
 "check_upn_allow_missing, check_upn_dns_info_ex»)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr "Параметри налаштовування запису сеансів"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -3635,32 +3644,32 @@ msgstr ""
 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr "Цими параметрами можна скористатися для налаштовування запису сеансів."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr "scope (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr "\"none\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr "Користувачі не записуються."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr "\"some\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
@@ -3669,17 +3678,17 @@ msgstr ""
 "<replaceable>користувачі</replaceable> і <replaceable>групи</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr "\"all\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr "Усі користувачі записуються."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -3688,17 +3697,17 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr "Типове значення: none"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr "users (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -3710,17 +3719,17 @@ msgstr ""
 "тощо."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr "Типове значення: порожнє. Не відповідає жодному користувачу."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr "groups (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -3732,7 +3741,7 @@ msgstr ""
 "символів тощо."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -3745,17 +3754,17 @@ msgstr ""
 "належить користувач."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr "Типове значення: порожнє. Не відповідає жодній групі."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr "exclude_users (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
@@ -3764,17 +3773,17 @@ msgstr ""
 "записування. Може бути застосовано лише разом із «scope=all»."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr "Типове значення: порожнє. Не виключати жодного користувача."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr "exclude_groups (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
@@ -3783,23 +3792,23 @@ msgstr ""
 "із записування. Може бути застосовано лише разом із «scope=all»."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr "Типове значення: порожнє. Не виключати жодної групи."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr "РОЗДІЛИ ДОМЕНІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr "enabled"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3814,12 +3823,12 @@ msgstr ""
 "параметрі доменів у розділі <quote>[sssd]</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr "domain_type (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3832,7 +3841,7 @@ msgstr ""
 "з доменів POSIX."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
@@ -3841,7 +3850,7 @@ msgstr ""
 "<quote>application</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3853,7 +3862,7 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) і відповідача PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
@@ -3862,7 +3871,7 @@ msgstr ""
 "application з <quote>id_provider=ldap</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
@@ -3871,17 +3880,17 @@ msgstr ""
 "ласка, ознайомтеся із розділом <quote>Домени програм</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr "Типове значення: posix"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -3890,7 +3899,7 @@ msgstr ""
 "відповідає цим обмеженням, його буде проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3903,7 +3912,7 @@ msgstr ""
 "основної групи і належать діапазону, буде виведено у звичайному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -3912,17 +3921,17 @@ msgstr ""
 "лише повернення записів за назвою або ідентифікатором."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr "enumerate (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3935,22 +3944,22 @@ msgstr ""
 "мати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = користувачі і групи нумеруються"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = не використовувати нумерацію для цього домену"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr "Типове значення: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
@@ -3959,7 +3968,7 @@ msgstr ""
 "користувачів і груп із віддаленого сервера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
@@ -3968,7 +3977,7 @@ msgstr ""
 "id_provider = proxy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3991,7 +4000,7 @@ msgstr ""
 "<quote>sssd_be</quote> або навіть перезапуску усього засобу стеження."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -4001,7 +4010,7 @@ msgstr ""
 "завершено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -4015,7 +4024,7 @@ msgstr ""
 "відповідного використаного засобу обробки ідентифікаторів (id_provider)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -4024,7 +4033,7 @@ msgstr ""
 "об’ємних середовищах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -4036,32 +4045,32 @@ msgstr ""
 "використано у цій конфігурації."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Усі виявлені надійні домени буде пронумеровано"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Нумерація виявлених надійних доменів не виконуватиметься"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -4074,12 +4083,12 @@ msgstr ""
 "доменів, для яких буде увімкнено нумерацію."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -4088,7 +4097,7 @@ msgstr ""
 "надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -4105,17 +4114,17 @@ msgstr ""
 "<manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr "Типове значення: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -4124,19 +4133,19 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr "Типове значення: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -4145,12 +4154,12 @@ msgstr ""
 "ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -4159,12 +4168,12 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -4173,12 +4182,12 @@ msgstr ""
 "ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr "entry_cache_resolver_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
@@ -4187,12 +4196,12 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -4201,12 +4210,12 @@ msgstr ""
 "надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -4215,12 +4224,12 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -4230,12 +4239,12 @@ msgstr ""
 "вузла у кеші."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr "entry_cache_computer_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
@@ -4244,12 +4253,12 @@ msgstr ""
 "перш ніж надсилати запит до модуля обробки даних знову"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -4259,7 +4268,7 @@ msgstr ""
 "вичерпано або майже вичерпано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -4273,18 +4282,18 @@ msgstr ""
 "запис користувача, і дані щодо участі у групах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr "Цей параметр автоматично успадковується для усіх довірених доменів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Варто визначити для цього параметра значення 3/4 * entry_cache_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -4305,18 +4314,18 @@ msgstr ""
 "чинність наявного кешу."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr "Типове значення: 0 (вимкнено)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -4333,7 +4342,7 @@ msgstr ""
 "мережеве розпізнавання було записано до кешу."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -4346,12 +4355,12 @@ msgstr ""
 "додаткових прав доступу) і визначить пароль за допомогою простого перебору."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr "cache_credentials_minimal_first_factor_length (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -4363,7 +4372,7 @@ msgstr ""
 "контрольної суми SHA512 у кеші."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
@@ -4373,12 +4382,12 @@ msgstr ""
 "мішенню атак із перебиранням паролів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -4391,17 +4400,17 @@ msgstr ""
 "offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr "Типове значення: 0 (без обмежень)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -4414,17 +4423,17 @@ msgstr ""
 "даних розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr "id_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -4432,12 +4441,12 @@ msgstr ""
 "Серед підтримуваних засобів такі:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr "«proxy»: підтримка застарілого модуля надання даних NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -4449,7 +4458,7 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -4460,8 +4469,8 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4473,8 +4482,8 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4486,12 +4495,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -4501,7 +4510,7 @@ msgstr ""
 "NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -4514,7 +4523,7 @@ msgstr ""
 "не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -4525,7 +4534,7 @@ msgstr ""
 "груп, якщо задано неповну назву, буде виконано пошук у всіх доменах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
@@ -4534,17 +4543,17 @@ msgstr ""
 "використано default_domain_suffix)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr "Не повертати записи учасників груп для пошуків груп."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -4563,7 +4572,7 @@ msgstr ""
 "$groupname</quote> поверне запитану групу так, наче вона була порожня."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -4574,11 +4583,11 @@ msgstr ""
 "учасників."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
@@ -4587,12 +4596,12 @@ msgstr ""
 "успадковано за допомогою <emphasis>subdomain_inherit</emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr "auth_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -4601,7 +4610,7 @@ msgstr ""
 "служб розпізнавання:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4613,7 +4622,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4625,18 +4634,18 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -4645,12 +4654,12 @@ msgstr ""
 "спосіб встановлено і можлива обробка запитів щодо розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr "access_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -4661,7 +4670,7 @@ msgstr ""
 "Вбудованими програмами є:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -4670,12 +4679,12 @@ msgstr ""
 "доступу для локального домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> — завжди забороняти доступ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -4688,7 +4697,7 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -4700,24 +4709,24 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 "<quote>proxy</quote> — для трансляції керування доступом до іншого модуля "
 "PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr "Типове значення: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -4726,7 +4735,7 @@ msgstr ""
 "підтримку таких систем зміни паролів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4738,7 +4747,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4750,18 +4759,18 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -4770,19 +4779,19 @@ msgstr ""
 "цього параметра і якщо система здатна обробляти запити щодо паролів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "Служба SUDO, яку використано для цього домену. Серед підтримуваних служб "
 "SUDO:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4794,7 +4803,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -4803,7 +4812,7 @@ msgstr ""
 "параметрами IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -4812,20 +4821,20 @@ msgstr ""
 "параметрами AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> явним чином вимикає SUDO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Типове значення: використовується значення <quote>id_provider</quote>, якщо "
 "його встановлено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -4844,7 +4853,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -4858,12 +4867,12 @@ msgstr ""
 "sudo у SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -4874,7 +4883,7 @@ msgstr ""
 "доступу. Передбачено підтримку таких засобів надання даних SELinux:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4886,14 +4895,14 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
 "SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -4902,12 +4911,12 @@ msgstr ""
 "спосіб встановлено і можлива обробка запитів щодо завантаження SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -4917,7 +4926,7 @@ msgstr ""
 "підтримку таких засобів надання даних піддоменів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4929,7 +4938,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -4942,17 +4951,17 @@ msgstr ""
 "налаштовування засобу надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr "session_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -4964,14 +4973,14 @@ msgstr ""
 "постачальники даних сеансів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 "<quote>ipa</quote>, щоб дозволити пов'язані із сеансами користувачів "
 "завдання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
@@ -4979,7 +4988,7 @@ msgstr ""
 "користувачів завдань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
@@ -4988,12 +4997,12 @@ msgstr ""
 "його встановлено і дозволено виконувати пов'язані із сеансами завдання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -5001,7 +5010,7 @@ msgstr ""
 "autofs:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5013,7 +5022,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5025,7 +5034,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5037,17 +5046,17 @@ msgstr ""
 "надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> вимикає autofs повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -5056,7 +5065,7 @@ msgstr ""
 "вузла. Серед підтримуваних засобів надання hostid:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -5068,17 +5077,17 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> вимикає hostid повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr "resolver_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
@@ -5087,7 +5096,7 @@ msgstr ""
 "підтримку таких надавачів даних для визначення:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
@@ -5096,7 +5105,7 @@ msgstr ""
 "Див. <quote>proxy_resolver_lib_name</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -5108,7 +5117,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -5121,13 +5130,13 @@ msgstr ""
 "налаштовування засобу надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 "<quote>none</quote> забороняє ячним чином отримання даних вузлів і мереж."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -5141,7 +5150,7 @@ msgstr ""
 "IPA та доменів Active Directory, простій назві (NetBIOS) домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
@@ -5150,17 +5159,17 @@ msgstr ""
 "name&gt;[^@]+))$</quote>, що дозволяє два різних стилі імен користувачів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr "користувач"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr "користувач@назва.домену"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -5173,12 +5182,12 @@ msgstr ""
 "стилі запису імен користувачів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr "домен\\користувач"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -5187,7 +5196,7 @@ msgstr ""
 "того, щоб полегшити інтеграцію користувачів з доменів Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -5202,17 +5211,17 @@ msgstr ""
 "ім'я з <quote>@</quote>, йому слід скорити власний re_expression."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Типове значення: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -5221,48 +5230,48 @@ msgstr ""
 "під час виконання пошуків у DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr "Передбачено підтримку таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
 "спробувати формат IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
 "спробувати формат IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr "Типове значення: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr "dns_resolver_server_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
@@ -5271,7 +5280,7 @@ msgstr ""
 "обмінятися даними із сервером DNS, перш ніж пробувати наступний сервер DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
@@ -5279,7 +5288,7 @@ msgstr ""
 "очікування на відгук на луна-імпульс CLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
@@ -5288,17 +5297,17 @@ msgstr ""
 "більше про розв'язування питань, пов'язаних із службами."
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr "Типове значення: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr "dns_resolver_op_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -5310,17 +5319,17 @@ msgstr ""
 "наступного DNS."
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "Типове значення: 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -5333,12 +5342,12 @@ msgstr ""
 "роботу у автономному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 msgid "dns_resolver_use_search_list (bool)"
 msgstr "dns_resolver_use_search_list (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -5349,7 +5358,7 @@ msgstr ""
 "затримок у середовищах, де DNS не налаштовано належним чином."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -5360,17 +5369,17 @@ msgstr ""
 "пошукам DNS у таких середовищах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 msgid "Default: TRUE"
 msgstr "Типове значення: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -5379,18 +5388,18 @@ msgstr ""
 "частину запиту визначення служб DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 msgid "failover_primary_timeout (integer)"
 msgstr "failover_primary_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -5401,58 +5410,58 @@ msgstr ""
 "встановити з'єднання із основним сервером."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr "Зауваження: мінімальним значенням є 31."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 msgid "Default: 31"
 msgstr "Типове значення: 31"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr "override_gid (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr "Замірити значення основного GID на вказане."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 "Враховується регістр. Це значення є некоректним для засобу надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr "Без врахування регістру."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr "Preserving"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -5464,7 +5473,7 @@ msgstr ""
 "буде переведено у нижній регістр."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
@@ -5473,7 +5482,7 @@ msgstr ""
 "даних IPA, вам доведеться встановити його на боці клієнта і SSSD на сервері."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -5482,17 +5491,17 @@ msgstr ""
 "значення: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr "Типове значення: True (False для засобу надання даних AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -5504,47 +5513,47 @@ msgstr ""
 "параметрів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr "ldap_search_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr "ldap_network_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr "ldap_opt_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 msgid "ldap_offline_timeout"
 msgstr "ldap_offline_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 msgid "ldap_enumeration_refresh_timeout"
 msgstr "ldap_enumeration_refresh_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr "ldap_enumeration_refresh_offset"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr "ldap_purge_cache_offset"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
@@ -5553,57 +5562,57 @@ msgstr ""
 "ldap_krb5_keytab не встановлено явним чином)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr "ldap_krb5_ticket_lifetime"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 msgid "ldap_enumeration_search_timeout"
 msgstr "ldap_enumeration_search_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 msgid "ldap_connection_expire_timeout"
 msgstr "ldap_connection_expire_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 msgid "ldap_connection_expire_offset"
 msgstr "ldap_connection_expire_offset"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr "ldap_connection_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr "auto_private_groups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr "case_sensitive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -5613,28 +5622,28 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 "Зауваження: цей параметр працює лише для засобів надання даних IPA і AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "спрощена (NetBIOS) назва піддомену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -5649,7 +5658,7 @@ msgstr ""
 "emphasis>.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -5657,17 +5666,17 @@ msgstr ""
 "emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Типове значення: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -5675,12 +5684,12 @@ msgstr ""
 "домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr "cached_auth_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -5694,7 +5703,7 @@ msgstr ""
 "розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
@@ -5704,12 +5713,12 @@ msgstr ""
 "значення для різних довірених доменів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr "Спеціальне значення 0 означає, що цю можливість вимкнено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -5720,12 +5729,12 @@ msgstr ""
 "обробки <quote>initgroups</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 msgid "local_auth_policy (string)"
 msgstr "local_auth_policy (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -5745,7 +5754,7 @@ msgstr ""
 "методи, обробка і перевірка у яких відбуватиметься локально."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -5765,7 +5774,7 @@ msgstr ""
 "<quote>enable:passkey, enable:smartcard</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -5776,42 +5785,42 @@ msgstr ""
 "при типовому значенні local_auth_policy: <quote>match</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 msgid "local_auth_policy = match (default)"
 msgstr "local_auth_policy = match (типове значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr "Ключ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr "Картка пам'яті"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr "IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr "AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr "вимкнено"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr "LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -5825,7 +5834,7 @@ msgstr ""
 "наприклад, запиту щодо пароля."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -5841,7 +5850,7 @@ msgstr ""
 "local_auth_policy = only\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -5852,7 +5861,7 @@ msgstr ""
 "smartcard, passkey).  <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
@@ -5861,22 +5870,22 @@ msgstr ""
 "local_auth_policy і підтримує типово розпізнавання за карткою пам'яті."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 msgid "Default: match"
 msgstr "Типове значення: match"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr "auto_private_groups (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr "true"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
@@ -5885,7 +5894,7 @@ msgstr ""
 "користувача. У цьому випадку номер GID буде проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -5898,12 +5907,12 @@ msgstr ""
 "примусово встановлює унікальність записів у просторі ідентифікаторів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr "false"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
@@ -5912,12 +5921,12 @@ msgstr ""
 "вказувати на об'єкт групи у базі даних LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr "hybrid"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -5932,7 +5941,7 @@ msgstr ""
 "цього користувача визначатиме цей об'єкт групи."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
@@ -5941,7 +5950,7 @@ msgstr ""
 "групи, інакше надійне визначення GID буде просто неможливим."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -5952,7 +5961,7 @@ msgstr ""
 "збереженням наявних приватних груп для користувачів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -5961,7 +5970,7 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
@@ -5971,7 +5980,7 @@ msgstr ""
 "використовується автоматична прив'язка до ідентифікаторів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -5981,7 +5990,7 @@ msgstr ""
 "auto_private_groups = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -5993,7 +6002,7 @@ msgstr ""
 "auto_private_groups = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -6007,7 +6016,7 @@ msgstr ""
 "subdomain_inherit: <placeholder type=\"programlisting\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -6018,17 +6027,17 @@ msgstr ""
 "quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -6040,12 +6049,12 @@ msgstr ""
 "local_auth_policy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -6056,12 +6065,12 @@ msgstr ""
 "наприклад _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr "proxy_resolver_lib_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -6072,12 +6081,12 @@ msgstr ""
 "_nss_$(назва_бібліотеки)_$(функція), наприклад _nss_dns_gethostbyname2_r."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -6092,12 +6101,12 @@ msgstr ""
 "у кеші, щоб пришвидшити надання результатів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr "proxy_max_children (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -6109,7 +6118,7 @@ msgstr ""
 "використання черги запитів."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -6118,12 +6127,12 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr "Домени програм (application)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -6151,7 +6160,7 @@ msgstr ""
 "який може успадковувати параметр з традиційного домену SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -6162,17 +6171,17 @@ msgstr ""
 "його доменом-близнюком у POSIX має бути встановлено належним чином."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr "Параметри доменів програм"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr "inherit_from (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -6184,7 +6193,7 @@ msgstr ""
 "розширюють або перевизначають параметри домену-<quote>близнюка</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -6199,7 +6208,7 @@ msgstr ""
 "у кеші і робить атрибут phone доступним через інтерфейс D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -6233,12 +6242,12 @@ msgstr ""
 "ldap_user_extra_attrs = phone:telephoneNumber\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr "РОЗДІЛ ДОВІРЕНИХ ДОМЕНІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -6256,57 +6265,57 @@ msgstr ""
 "такі параметри:"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr "ldap_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr "ldap_user_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr "ldap_group_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr "ldap_netgroup_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr "ldap_service_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr "ldap_sasl_mech,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr "ad_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr "ad_backup_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr "ad_site,"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr "use_fully_qualified_names"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
@@ -6315,12 +6324,12 @@ msgstr ""
 "підручника."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr "РОЗДІЛ ПРИВ'ЯЗКИ СЕРТИФІКАТІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -6343,7 +6352,7 @@ msgstr ""
 "використовують для розпізнавання PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -6355,7 +6364,7 @@ msgstr ""
 "citerefentry>)."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -6368,12 +6377,12 @@ msgstr ""
 "replaceable>]</quote>. У цьому розділі можна використовувати такі параметри:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr "matchrule (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
@@ -6382,7 +6391,7 @@ msgstr ""
 "цьому правилу. Усі інші сертифікати буде проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
@@ -6392,17 +6401,17 @@ msgstr ""
 "<quote>clientAuth</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr "maprule (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr "Визначає спосіб пошуку користувача для вказаного сертифіката."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
@@ -6411,7 +6420,7 @@ msgstr ""
 "даних, зокрема <quote>ldap</quote>, <quote>AD</quote> та <quote>ipa</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -6419,12 +6428,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr "domains (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -6437,17 +6446,17 @@ msgstr ""
 "параметр можна використати і для додавання правила до піддоменів."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr "Типове значення: домен, який налаштовано у sssd.conf"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr "priority (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -6458,12 +6467,12 @@ msgstr ""
 "пріоритетність, а <quote>4294967295</quote> — найнижча."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr "Типове значення: найнижча пріоритетність"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
@@ -6473,7 +6482,7 @@ msgstr ""
 "спеціальних властивостей:"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
@@ -6482,7 +6491,7 @@ msgstr ""
 "відповідного облікового запису користувача"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -6495,17 +6504,17 @@ msgstr ""
 "quote> або <quote>({назва_об'єкта_rfc822.коротка_назва})</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr "параметр <quote>domains</quote> буде проігноровано"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr "РОЗДІЛ НАЛАШТОВУВАННЯ ЗАПИТІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -6521,7 +6530,7 @@ msgstr ""
 "реєстраційних даних."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -6535,22 +6544,22 @@ msgstr ""
 "випадках мають забезпечити описані нижче параметри."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr "[prompting/password]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr "password_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr "для зміни рядка запиту пароля"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
@@ -6559,37 +6568,37 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr "[prompting/2fa]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr "first_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr "для зміни рядка запиту для першого фактора"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr "second_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr "для зміни рядка запиту для другого фактора"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr "single_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -6602,7 +6611,7 @@ msgstr ""
 "якщо другий фактор не є обов'язковим."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -6615,7 +6624,7 @@ msgstr ""
 "паролем, або за двома факторами, має бути використано двокроковий запит."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -6626,17 +6635,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr "[prompting/passkey]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr "interactive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -6647,22 +6656,22 @@ msgstr ""
 "тактильного перемикача."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr "interactive_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr "для зміни повідомлення інтерактивного запиту."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr "touch"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
@@ -6671,17 +6680,17 @@ msgstr ""
 "користувачеві щодо потреби торкнутися пристрою."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr "touch_prompt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr "для зміни повідомлення запиту щодо торкання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -6690,7 +6699,7 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -6703,7 +6712,7 @@ msgstr ""
 "type=\"variablelist\" id=\"1\"/><placeholder type=\"variablelist\" id=\"2\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -6714,12 +6723,12 @@ msgstr ""
 "для цієї служби."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr "ПРИКЛАДИ"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -6771,7 +6780,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -6784,7 +6793,7 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -6794,7 +6803,7 @@ msgstr ""
 "use_fully_qualified_names = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -6811,7 +6820,7 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -6827,7 +6836,7 @@ msgstr ""
 "priority = 10\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -7557,7 +7566,7 @@ msgstr ""
 "параметром <emphasis>ldap_connection_expire_offset</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr "Типове значення: 900 (15 хвилин)"
 
@@ -7660,12 +7669,22 @@ msgstr "Вимкнути отримання діапазону Active Directory.
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
-msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+#, fuzzy
+#| msgid ""
+#| "Active Directory limits the number of members to be retrieved in a single "
+#| "lookup using the MaxValRange policy (which defaults to 1500 members). If "
+#| "a group contains more members, the reply would include an AD-specific "
+#| "range extension. This option disables parsing of the range extension, "
+#| "therefore large groups will appear as having no members."
+msgid ""
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 "У Active Directory за допомогою правила MaxValRange (типове значення 1500 "
 "записів) обмежується кількість записів, які може бути отримано під час "
@@ -7675,12 +7694,12 @@ msgstr ""
 "буде представлено як такі, у яких немає учасників."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -7691,19 +7710,19 @@ msgstr ""
 "параметра визначається OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 "Типове значення: типове для системи значення (зазвичай, визначається у ldap."
 "conf)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr "ldap_sasl_maxssf (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -7714,12 +7733,12 @@ msgstr ""
 "цього параметра визначається OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -7731,7 +7750,7 @@ msgstr ""
 "виконуватиметься окремо."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -7749,7 +7768,7 @@ msgstr ""
 "rootDSE."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -7762,7 +7781,7 @@ msgstr ""
 "OpenLDAP та Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -7773,12 +7792,12 @@ msgstr ""
 "незалежно від використання цього параметра."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr "ldap_ignore_unreadable_references (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -7790,7 +7809,7 @@ msgstr ""
 "простого ігнорування непридатного до читання запису."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -7802,12 +7821,12 @@ msgstr ""
 "міркувань безпеки."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -7817,7 +7836,7 @@ msgstr ""
 "таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -7826,7 +7845,7 @@ msgstr ""
 "жодних сертифікатів сервера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7838,7 +7857,7 @@ msgstr ""
 "режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -7849,7 +7868,7 @@ msgstr ""
 "надано помилковий сертифікат, негайно перервати сеанс."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -7860,22 +7879,22 @@ msgstr ""
 "перервати сеанс."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr "Типове значення: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -7884,7 +7903,7 @@ msgstr ""
 "розпізнаються <command>sssd</command>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -7893,12 +7912,12 @@ msgstr ""
 "у <filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 #, fuzzy
 #| msgid ""
 #| "Specifies the path of a directory that contains Certificate Authority "
@@ -7919,32 +7938,32 @@ msgstr ""
 "<command>cacertdir_rehash</command>, якщо ця програма є доступною."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr "Визначає файл, який містить сертифікат для ключа клієнта."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr "Визначає файл, у якому міститься ключ клієнта."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -7956,12 +7975,12 @@ msgstr ""
 "<manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -7972,12 +7991,12 @@ msgstr ""
 "наполегливо рекомендуємо значення <emphasis>true</emphasis> ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -7989,19 +8008,19 @@ msgstr ""
 "ldap_group_gid_number."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "У поточній версії у цій можливості передбачено підтримку лише встановлення "
 "відповідності objectSID у ActiveDirectory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr "ldap_min_id, ldap_max_id (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -8021,18 +8040,18 @@ msgstr ""
 "ідентифікаторів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 "Типове значення: не встановлено (обидва параметри встановлено у значення 0)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
@@ -8041,7 +8060,7 @@ msgstr ""
 "перевірено і передбачено підтримку лише механізмів GSSAPI та GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -8059,12 +8078,12 @@ msgstr ""
 "manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -8084,7 +8103,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -8105,17 +8124,17 @@ msgstr ""
 "таблиці ключів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -8127,17 +8146,17 @@ msgstr ""
 "проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr "Типове значення: значення krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -8147,36 +8166,36 @@ msgstr ""
 "SASL."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr "Типове значення: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI/GSS-"
 "SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5."
 "keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -8187,12 +8206,12 @@ msgstr ""
 "механізм GSSAPI або GSS-SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
@@ -8200,17 +8219,17 @@ msgstr ""
 "SPNEGO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr "Типове значення: 86400 (24 години)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -8229,7 +8248,7 @@ msgstr ""
 "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -8241,7 +8260,7 @@ msgstr ""
 "вдасться знайти."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -8252,30 +8271,30 @@ msgstr ""
 "варто перейти на використання «krb5_server» у файлах налаштувань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI/GSS-SPNEGO)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
 "filename>"
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -8285,12 +8304,12 @@ msgstr ""
 "версії MIT Kerberos >= 1.7"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -8305,7 +8324,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -8316,12 +8335,12 @@ msgstr ""
 "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -8330,7 +8349,7 @@ msgstr ""
 "використовувати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -8339,7 +8358,7 @@ msgstr ""
 "разі використання цього варіанта перевірку на боці сервера вимкнено не буде."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -8351,7 +8370,7 @@ msgstr ""
 "manvolnum></citerefentry> для визначення того, чи чинним є пароль."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -8362,7 +8381,7 @@ msgstr ""
 "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
@@ -8372,18 +8391,18 @@ msgstr ""
 "встановленими за допомогою цього параметра."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -8392,7 +8411,7 @@ msgstr ""
 "з версією OpenLDAP 2.4.13 або новішою версією."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -8414,28 +8433,28 @@ msgstr ""
 "дані виявляться недоступними."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Визначає назву служби, яку буде використано у разі вмикання визначення служб."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr "Типове значення: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -8444,17 +8463,17 @@ msgstr ""
 "уможливлює зміну паролів, у разі вмикання визначення служб."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -8463,7 +8482,7 @@ msgstr ""
 "щодо кількості днів з часу виконання дії зі зміни пароля."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -8476,12 +8495,12 @@ msgstr ""
 "окремо."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -8510,12 +8529,12 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr "Приклад:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -8527,7 +8546,7 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
@@ -8536,7 +8555,7 @@ msgstr ""
 "employeeType встановлено у значення «admin»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -8550,17 +8569,17 @@ msgstr ""
 "таких прав не було надано, у автономному режимі їх також не буде надано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr "Типове значення: порожній рядок"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -8569,7 +8588,7 @@ msgstr ""
 "керування доступом на боці клієнта."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -8580,12 +8599,12 @@ msgstr ""
 "з відповідним кодом помилки, навіть якщо вказано правильний пароль."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr "Можна використовувати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -8594,7 +8613,7 @@ msgstr ""
 "визначити, чи завершено строк дії облікового запису."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -8607,7 +8626,7 @@ msgstr ""
 "Також буде перевірено, чи не вичерпано строк дії облікового запису."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -8618,7 +8637,7 @@ msgstr ""
 "ldap_ns_account_lock."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -8631,7 +8650,7 @@ msgstr ""
 "атрибутів, надати доступ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -8642,24 +8661,24 @@ msgstr ""
 "користуватися параметром ldap_account_expire_policy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Список відокремлених комами параметрів керування доступом. Можливі значення "
 "списку:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -8674,7 +8693,7 @@ msgstr ""
 "для працездатності цієї можливості слід встановити «access_provider = ldap»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
@@ -8684,7 +8703,7 @@ msgstr ""
 "emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -8707,13 +8726,13 @@ msgstr ""
 "параметра слід встановити значення «access_provider = ldap»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -8728,7 +8747,7 @@ msgstr ""
 "наприклад на ключах SSH."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
@@ -8737,17 +8756,17 @@ msgstr ""
 "дії пароля буде вичерпано:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr "pwd_expire_policy_reject — користувачу заборонено входити,"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr "pwd_expire_policy_warn — користувачу можна входити,"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
@@ -8756,7 +8775,7 @@ msgstr ""
 "пароль."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 #, fuzzy
 #| msgid ""
 #| "Please note that 'access_provider = ldap' must be set for this feature to "
@@ -8772,7 +8791,7 @@ msgstr ""
 "параметра «ldap_pwd_policy» відповідні правила поводження із паролями."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -8781,14 +8800,14 @@ msgstr ""
 "можливості доступу атрибут authorizedService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
 "права доступу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
@@ -8797,7 +8816,7 @@ msgstr ""
 "того, чи матиме віддалений вузол доступ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
@@ -8807,12 +8826,12 @@ msgstr ""
 "керування доступом."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr "Типове значення: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -8821,12 +8840,12 @@ msgstr ""
 "використано декілька разів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr "ldap_pwdlockout_dn (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -8840,22 +8859,22 @@ msgstr ""
 "можна буде перевірити належним чином."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -8864,13 +8883,13 @@ msgstr ""
 "пошуку. Можливі такі варіанти:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 "<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -8880,7 +8899,7 @@ msgstr ""
 "пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -8889,7 +8908,7 @@ msgstr ""
 "під час визначення місця основного об’єкта пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -8898,7 +8917,7 @@ msgstr ""
 "час пошуку, так і під час визначення місця основного об’єкта пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -8907,12 +8926,12 @@ msgstr ""
 "сценарієм <emphasis>never</emphasis>)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -8921,7 +8940,7 @@ msgstr ""
 "серверів, у яких використовується схема RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -8939,7 +8958,7 @@ msgstr ""
 "користувачів за допомогою виклику getpw*() або initgroups()."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -8951,12 +8970,12 @@ msgstr ""
 "групами LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr "wildcard_limit (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
@@ -8965,24 +8984,24 @@ msgstr ""
 "пошуку з використанням символів-замінників."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 "У поточній версії пошук із використанням символів-замінників передбачено "
 "лише для відповідача InfoPipe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr "Типове значення: 1000 (часто розмір однієї сторінки)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr "ldap_library_debug_level (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
@@ -8991,7 +9010,7 @@ msgstr ""
 "libldap буде записано незалежно від загального debug_level."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
@@ -9000,17 +9019,17 @@ msgstr ""
 "компонентів, -1 увімкне повне виведення діагностичних даних."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr "Типове значення: 0 (діагностику libldap вимкнено)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr "ldap_use_ppolicy (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -9021,14 +9040,14 @@ msgstr ""
 "надсилають у відповідні некоректне розширення правил."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 #, fuzzy
 #| msgid "ldap_deref_threshold (integer)"
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr "ldap_deref_threshold (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -9059,12 +9078,12 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr "ПАРАМЕТРИ SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -9075,12 +9094,12 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -9090,7 +9109,7 @@ msgstr ""
 "набір правил, що зберігаються на сервері."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -9099,7 +9118,7 @@ msgstr ""
 "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
@@ -9109,17 +9128,17 @@ msgstr ""
 "оновлення."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr "Типове значення: 21600 (6 годин)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -9130,7 +9149,7 @@ msgstr ""
 "правил, USN яких перевищує найбільше значення сервера USN, яке відоме SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -9139,7 +9158,7 @@ msgstr ""
 "дані атрибута modifyTimestamp."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -9155,7 +9174,7 @@ msgstr ""
 "emphasis>)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
@@ -9165,12 +9184,12 @@ msgstr ""
 "оновлення."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr "ldap_sudo_random_offset (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -9181,7 +9200,7 @@ msgstr ""
 "регулярного завдання. Значення у секундах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -9192,17 +9211,17 @@ msgstr ""
 "час, протягом якого правила sudo є недоступними для використання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr "Ви можете вимкнути цей зсув, встановивши значення 0."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -9212,12 +9231,12 @@ msgstr ""
 "назв вузлів)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -9226,7 +9245,7 @@ msgstr ""
 "фільтрування списку правил."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -9235,8 +9254,8 @@ msgstr ""
 "назву вузла та повну назву комп’ютера у домені у автоматичному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -9245,17 +9264,17 @@ msgstr ""
 "<emphasis>false</emphasis>, цей параметр ні на що не впливатиме."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr "Типове значення: не вказано"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -9264,7 +9283,7 @@ msgstr ""
 "правил."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -9273,12 +9292,12 @@ msgstr ""
 "адресу у автоматичному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -9287,12 +9306,12 @@ msgstr ""
 "мережеву групу (netgroup) у атрибуті sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -9301,7 +9320,7 @@ msgstr ""
 "заміни у атрибуті sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
@@ -9310,7 +9329,7 @@ msgstr ""
 "для сервера LDAP!"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -9323,12 +9342,12 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr "ПАРАМЕТРИ AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
@@ -9337,47 +9356,47 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr "Назва основної карти автоматичного монтування у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr "Типове значення: auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -9390,22 +9409,22 @@ msgstr ""
 "груп показуються неправильно."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr "</note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -9418,14 +9437,14 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr "ПРИКЛАД"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -9436,7 +9455,7 @@ msgstr ""
 "<replaceable>[domains]</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -9456,7 +9475,7 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -9464,12 +9483,12 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
@@ -9478,7 +9497,7 @@ msgstr ""
 "чином і використано ldap_access_order=lockout."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -9504,13 +9523,13 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ЗАУВАЖЕННЯ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -9584,7 +9603,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "ПАРАМЕТРИ"
 
@@ -15841,7 +15860,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr "СТАН ВИХОДУ"
@@ -15999,7 +16018,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -18252,22 +18271,27 @@ msgstr ""
 "<manvolnum>5</manvolnum></citerefentry>, щоб дізнатися більше про цей "
 "параметр."
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 "Шукати відкриті ключі вузлів у домені SSSD <replaceable>ДОМЕН</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 #, fuzzy
 #| msgid "<option>-H</option>,<option>--ssh-hosts</option>"
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr "<option>-H</option>,<option>--ssh-hosts</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -18275,12 +18299,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -18294,7 +18318,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -18302,7 +18326,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -18311,10 +18335,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
+#, fuzzy
+#| msgid ""
+#| "In case of successful execution, even if no key was found, 0 is returned. "
+#| "1 is returned in case of error."
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 "У випадку успішного виконання, навіть якщо ключа не було знайдено, буде "
 "повернуто 0. Якщо станеться помилка, буде повернуто 1."
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index 4e89f3fae3..02c56d0220 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sssd-docs 2.3.0\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2024-12-10 14:33+0100\n"
+"POT-Creation-Date: 2025-01-28 15:43+0100\n"
 "PO-Revision-Date: 2020-07-22 07:51-0400\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
@@ -212,10 +212,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:138 sssd.conf.5.xml:175 sssd.conf.5.xml:337
-#: sssd.conf.5.xml:701 sssd.conf.5.xml:716 sssd.conf.5.xml:926
-#: sssd.conf.5.xml:1044 sssd.conf.5.xml:2172 sssd-ldap.5.xml:931
-#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1188 sssd-ldap.5.xml:1257
-#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1799 sssd-ldap.5.xml:1864
+#: sssd.conf.5.xml:701 sssd.conf.5.xml:724 sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1052 sssd.conf.5.xml:2180 sssd-ldap.5.xml:935
+#: sssd-ldap.5.xml:1089 sssd-ldap.5.xml:1192 sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1669 sssd-ldap.5.xml:1803 sssd-ldap.5.xml:1868
 #: sssd-ipa.5.xml:361 sssd-ad.5.xml:252 sssd-ad.5.xml:367 sssd-ad.5.xml:1204
 #: sssd-ad.5.xml:1371 sssd-krb5.5.xml:358
 msgid "Default: true"
@@ -234,10 +234,10 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:923
-#: sssd.conf.5.xml:2075 sssd.conf.5.xml:2142 sssd.conf.5.xml:4234
-#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:950 sssd-ldap.5.xml:1160
-#: sssd-ldap.5.xml:1614 sssd-ldap.5.xml:1888 sssd-ipa.5.xml:152
+#: sssd.conf.5.xml:151 sssd.conf.5.xml:639 sssd.conf.5.xml:931
+#: sssd.conf.5.xml:2083 sssd.conf.5.xml:2150 sssd.conf.5.xml:4242
+#: sssd-ldap.5.xml:324 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1618 sssd-ldap.5.xml:1892 sssd-ipa.5.xml:152
 #: sssd-ipa.5.xml:254 sssd-ipa.5.xml:726 sssd-ad.5.xml:1107 sssd-krb5.5.xml:268
 #: sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 include/krb5_options.xml:163
 msgid "Default: false"
@@ -271,8 +271,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: outside any tag (error?)
-#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1705
-#: sssd-ldap.5.xml:1911 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd.conf.5.xml:111 sssd.conf.5.xml:186 sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1915 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
 #: sssd-ldap-attributes.5.xml:661 sssd-ldap-attributes.5.xml:803
@@ -302,8 +302,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:198 sssd.conf.5.xml:1264 sssd.conf.5.xml:1741
-#: sssd.conf.5.xml:4250 sssd-ldap.5.xml:777 include/ldap_id_mapping.xml:270
+#: sssd.conf.5.xml:198 sssd.conf.5.xml:1272 sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:4258 sssd-ldap.5.xml:781 include/ldap_id_mapping.xml:270
 msgid "Default: 10"
 msgstr ""
 
@@ -370,7 +370,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:266 sssd.conf.5.xml:3538
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:3546
 msgid "re_expression (string)"
 msgstr ""
 
@@ -390,12 +390,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:3595
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:3603
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:286 sssd.conf.5.xml:3598
+#: sssd.conf.5.xml:286 sssd.conf.5.xml:3606
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -403,39 +403,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:3609
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:3617
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298 sssd.conf.5.xml:3610
+#: sssd.conf.5.xml:298 sssd.conf.5.xml:3618
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:301 sssd.conf.5.xml:3613
+#: sssd.conf.5.xml:301 sssd.conf.5.xml:3621
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:304 sssd.conf.5.xml:3616
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3624
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:310 sssd.conf.5.xml:3622
+#: sssd.conf.5.xml:310 sssd.conf.5.xml:3630
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:313 sssd.conf.5.xml:3625
+#: sssd.conf.5.xml:313 sssd.conf.5.xml:3633
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:3606
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:3614
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -592,8 +592,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453 sssd-ldap.5.xml:889 sssd-ldap.5.xml:901
-#: sssd-ldap.5.xml:994 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
+#: sssd.conf.5.xml:453 sssd-ldap.5.xml:893 sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:998 sssd-ad.5.xml:921 sssd-ad.5.xml:996 sssd-krb5.5.xml:468
 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:978
 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
 #: include/krb5_options.xml:148
@@ -864,7 +864,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:687 sssd.conf.5.xml:1765 sssd.conf.5.xml:4300
+#: sssd.conf.5.xml:687 sssd.conf.5.xml:1773 sssd.conf.5.xml:4308
 #: sssd-ad.5.xml:187 sssd-ad.5.xml:328 sssd-ad.5.xml:342
 msgid "Default: Not set"
 msgstr ""
@@ -895,25 +895,34 @@ msgid ""
 "passwords. See man page prctl:PR_SET_DUMPABLE for details."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
+msgid ""
+"Take a note that this setting has no effect for 'ldap_child', 'krb5_child' "
+"and 'sssd_pam' as those privileged binaries can have a copy of a host keytab "
+"data in a memory and their behavior in this regards is governed by /proc/sys/"
+"fs/suid_dumpable system setting."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:729
 msgid "passkey_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:737
 msgid "user_verification (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:739
 msgid ""
 "Enable or disable the user verification (i.e. PIN, fingerprint)  during "
 "authentication. If enabled, the PIN will always be requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:745
 msgid ""
 "The default is that the key settings decide what to do. In the IPA or "
 "kerberos pre-authentication case, this value will be overwritten by the "
@@ -921,7 +930,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:732
 msgid ""
 "With this parameter the passkey verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder "
@@ -940,12 +949,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:764
 msgid "SERVICES SECTIONS"
 msgstr "服务部分"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:758
+#: sssd.conf.5.xml:766
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -954,22 +963,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:773
 msgid "General service configuration options"
 msgstr "基本服务配置选项"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:775
 msgid "These options can be used to configure any service."
 msgstr "这些选项可被用于配置任何服务。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:771
+#: sssd.conf.5.xml:779
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:782
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -979,17 +988,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:791
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:796
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:799
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -999,19 +1008,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800
+#: sssd.conf.5.xml:808
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 60, KCM: 300"
 msgstr "默认： 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:813
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:816
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  By "
@@ -1022,14 +1031,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:819 sssd.conf.5.xml:875
+#: sssd.conf.5.xml:827 sssd.conf.5.xml:883
 msgid ""
 "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
 "offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:830
 msgid ""
 "The offline_timeout default value is 60.  The offline_timeout_max default "
 "value is 3600.  The offline_timeout_random_offset default value is 30.  The "
@@ -1037,44 +1046,44 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:836
 msgid ""
 "Note that the maximum length of each interval is defined by "
 "offline_timeout_max (apart of random part)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1175 sssd.conf.5.xml:1558
-#: sssd.conf.5.xml:1854 sssd-ldap.5.xml:506
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1183 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1862 sssd-ldap.5.xml:506
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:837
+#: sssd.conf.5.xml:845
 msgid "offline_timeout_max (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:840
+#: sssd.conf.5.xml:848
 msgid ""
 "Controls by how much the time between attempts to go online can be "
 "incremented following unsuccessful attempts to go online."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:853
 msgid "A value of 0 disables the incrementing behaviour."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:856
 msgid ""
 "The value of this parameter should be set in correlation to offline_timeout "
 "parameter value."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:860
 msgid ""
 "With offline_timeout set to 60 (default value) there is no point in setting "
 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
@@ -1083,62 +1092,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:866
 msgid ""
 "Although a value between 0 and offline_timeout may be specified, it has the "
 "effect of overriding the offline_timeout value so is of little use."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:871
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 3600"
 msgstr "默认： 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:876
 msgid "offline_timeout_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:879
 msgid ""
 "When SSSD is in offline mode it keeps probing backend servers in specified "
 "time intervals:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:878
+#: sssd.conf.5.xml:886
 msgid ""
 "This parameter controls the value of the random offset used for the above "
 "equation. Final random_offset value will be random number in range:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:891
 msgid "[0 - offline_timeout_random_offset]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:894
 msgid "A value of 0 disables the random offset addition."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:897
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 30"
 msgstr "默认： 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:902
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:905
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1150,58 +1159,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:911 sssd.conf.5.xml:1188 sssd.conf.5.xml:2307
+#: sssd.conf.5.xml:919 sssd.conf.5.xml:1196 sssd.conf.5.xml:2315
 #: sssd-ldap.5.xml:343
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:924
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:927
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:942
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:944
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:941
+#: sssd.conf.5.xml:949
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:944
+#: sssd.conf.5.xml:952
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:956
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:961
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:964
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1209,7 +1218,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:970
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1219,7 +1228,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972
+#: sssd.conf.5.xml:980
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1228,17 +1237,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980 sssd.conf.5.xml:2096
+#: sssd.conf.5.xml:988 sssd.conf.5.xml:2104
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:993
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:996
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1246,17 +1255,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994 sssd.conf.5.xml:1753 sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:1002 sssd.conf.5.xml:1761 sssd.conf.5.xml:2128
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1007
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1002
+#: sssd.conf.5.xml:1010
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again. Setting "
@@ -1264,17 +1273,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1016
 msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1013
+#: sssd.conf.5.xml:1021
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1016
+#: sssd.conf.5.xml:1024
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1283,7 +1292,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1032
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1292,41 +1301,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1040
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1037
+#: sssd.conf.5.xml:1045
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1048
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1051
+#: sssd.conf.5.xml:1059
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1062
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1067
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1065
+#: sssd.conf.5.xml:1073
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1334,23 +1343,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063 sssd.conf.5.xml:1625 sssd.conf.5.xml:1644
-#: sssd.conf.5.xml:1721 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+#: sssd.conf.5.xml:1071 sssd.conf.5.xml:1633 sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1729 sssd-krb5.5.xml:451 include/override_homedir.xml:66
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1077
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1083
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1086
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1358,47 +1367,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1092
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1098
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1101
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1096
+#: sssd.conf.5.xml:1104
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1108
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1113
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:1118
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1121
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1406,113 +1415,113 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1128
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1131
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1127
+#: sssd.conf.5.xml:1135
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1140
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1143
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1140
+#: sssd.conf.5.xml:1148
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1143
+#: sssd.conf.5.xml:1151
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1155
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1160
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1163
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1169
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1168 sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1559
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1171 sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1179 sssd.conf.5.xml:1562
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1188
 msgid "memcache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1183
+#: sssd.conf.5.xml:1191
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1199
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1222 sssd.conf.5.xml:1247
-#: sssd.conf.5.xml:1272 sssd.conf.5.xml:1299
+#: sssd.conf.5.xml:1205 sssd.conf.5.xml:1230 sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1280 sssd.conf.5.xml:1307
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1213
 msgid "memcache_size_passwd (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1216
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
@@ -1520,25 +1529,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1214 sssd.conf.5.xml:2966 sssd-ldap.5.xml:560
+#: sssd.conf.5.xml:1222 sssd.conf.5.xml:2974 sssd-ldap.5.xml:560
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217 sssd.conf.5.xml:1242 sssd.conf.5.xml:1267
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1225 sssd.conf.5.xml:1250 sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1302
 msgid ""
 "WARNING: Disabled or too small in-memory cache can have significant negative "
 "impact on SSSD's performance."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1238
 msgid "memcache_size_group (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1241
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for group requests.  Setting the size to 0 will disable the group in-memory "
@@ -1546,19 +1555,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239 sssd.conf.5.xml:1291 sssd.conf.5.xml:3727
+#: sssd.conf.5.xml:1247 sssd.conf.5.xml:1299 sssd.conf.5.xml:3735
 #: sssd-ldap.5.xml:485 sssd-ldap.5.xml:537 include/failover.xml:116
 #: include/krb5_options.xml:11
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1263
 msgid "memcache_size_initgroups (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1266
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
@@ -1566,12 +1575,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1288
 msgid "memcache_size_sid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1283
+#: sssd.conf.5.xml:1291
 msgid ""
 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 "for SID related requests.  Only SID-by-ID and ID-by-SID requests are "
@@ -1580,12 +1589,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307 sssd-ifp.5.xml:90
+#: sssd.conf.5.xml:1315 sssd-ifp.5.xml:90
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1318
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1596,43 +1605,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1331
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328
+#: sssd.conf.5.xml:1336
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1341
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1344
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1341
+#: sssd.conf.5.xml:1349
 msgid "Default: <quote>*</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1344
+#: sssd.conf.5.xml:1352
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[nss] section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1356
 msgid ""
 "Default: <quote>not set</quote> (remote domains), <phrase "
 "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
@@ -1641,60 +1650,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1368
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1362
+#: sssd.conf.5.xml:1370
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1375
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1378
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1375 sssd.conf.5.xml:1388
+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1396
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1389
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1392
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1394
+#: sssd.conf.5.xml:1402
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1405
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1410
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1702,59 +1711,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1408 sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1416 sssd.conf.5.xml:1526
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1422
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1425
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1430
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1425
+#: sssd.conf.5.xml:1433
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1436
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1432
+#: sssd.conf.5.xml:1440
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1443
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439 sssd.8.xml:63
+#: sssd.conf.5.xml:1447 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1453
 msgid "pam_response_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1448
+#: sssd.conf.5.xml:1456
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1763,51 +1772,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1464
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1471
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1464
+#: sssd.conf.5.xml:1472
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1475
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1476
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1472
+#: sssd.conf.5.xml:1480
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1481
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1469
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1488
 msgid ""
 "The list of strings can either be the list of filters which would set this "
 "list of filters and overwrite the defaults. Or each element of the list can "
@@ -1818,23 +1827,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1499
 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1502
 msgid ""
 "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1501
+#: sssd.conf.5.xml:1509
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1504
+#: sssd.conf.5.xml:1512
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1842,7 +1851,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1510
+#: sssd.conf.5.xml:1518
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1851,17 +1860,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1532
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527 sssd.conf.5.xml:2990
+#: sssd.conf.5.xml:1535 sssd.conf.5.xml:2998
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1530
+#: sssd.conf.5.xml:1538
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1869,32 +1878,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1536 sssd.conf.5.xml:2993
+#: sssd.conf.5.xml:1544 sssd.conf.5.xml:3001
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1549
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546 sssd.conf.5.xml:3993 sssd-ldap.5.xml:618
-#: sssd-ldap.5.xml:1684 sssd.8.xml:79
+#: sssd.conf.5.xml:1554 sssd.conf.5.xml:4001 sssd-ldap.5.xml:618
+#: sssd-ldap.5.xml:1688 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1571
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1574
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1904,75 +1913,75 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1584
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1588
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1595
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1598
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1602
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1598
+#: sssd.conf.5.xml:1606
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1602
+#: sssd.conf.5.xml:1610
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1631 sssd.conf.5.xml:1650
-#: sssd.conf.5.xml:1887 sssd.conf.5.xml:2728 sssd.conf.5.xml:3922
-#: sssd-ldap.5.xml:1221
+#: sssd.conf.5.xml:1614 sssd.conf.5.xml:1639 sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1895 sssd.conf.5.xml:2736 sssd.conf.5.xml:3930
+#: sssd-ldap.5.xml:1225
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1611
+#: sssd.conf.5.xml:1619
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1622
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1627
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1635
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1980,19 +1989,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1636
+#: sssd.conf.5.xml:1644
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1639
+#: sssd.conf.5.xml:1647
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1654
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2000,46 +2009,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1663
 msgid "pam_passkey_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658
+#: sssd.conf.5.xml:1666
 msgid "Enable passkey device based authentication."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1661 sssd.conf.5.xml:1973 sssd-ad.5.xml:1275
+#: sssd.conf.5.xml:1669 sssd.conf.5.xml:1981 sssd-ad.5.xml:1275
 #: sss_rpcidmapd.5.xml:76 sssd-files.5.xml:145
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1666
+#: sssd.conf.5.xml:1674
 msgid "passkey_debug_libfido2 (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1677
 msgid "Enable libfido2 library debug messages."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672 sssd.conf.5.xml:1686 sssd-ldap.5.xml:683
-#: sssd-ldap.5.xml:704 sssd-ldap.5.xml:800 sssd-ldap.5.xml:1307
+#: sssd.conf.5.xml:1680 sssd.conf.5.xml:1694 sssd-ldap.5.xml:683
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:804 sssd-ldap.5.xml:1311
 #: sssd-ad.5.xml:506 sssd-ad.5.xml:582 sssd-ad.5.xml:1127 sssd-ad.5.xml:1179
 #: include/ldap_id_mapping.xml:250
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1685
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1680
+#: sssd.conf.5.xml:1688
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2047,34 +2056,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1699
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1702
 msgid "The path to the certificate database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd.conf.5.xml:2222 sssd.conf.5.xml:4414
+#: sssd.conf.5.xml:1705 sssd.conf.5.xml:2230 sssd.conf.5.xml:4422
 msgid "Default:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1699 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:2232
 msgid ""
 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 "certificates in PEM format)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1717
 msgid "pam_cert_verification (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1720
 msgid ""
 "With this parameter the PAM certificate verification can be tuned with a "
 "comma separated list of options that override the "
@@ -2084,7 +2093,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1723
+#: sssd.conf.5.xml:1731
 #, no-wrap
 msgid ""
 "pam_cert_verification = partial_chain\n"
@@ -2092,59 +2101,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1735
 msgid ""
 "Default: not set, i.e. use default <quote>certificate_verification</quote> "
 "option defined in <quote>[sssd]</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1742
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1745
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1746
+#: sssd.conf.5.xml:1754
 msgid "passkey_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1757
 msgid ""
 "How many seconds will the PAM responder wait for passkey_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1766
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761
+#: sssd.conf.5.xml:1769
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1770
+#: sssd.conf.5.xml:1778
 msgid "pam_p11_allowed_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1773
+#: sssd.conf.5.xml:1781
 msgid ""
 "A comma-separated list of PAM service names for which it will be allowed to "
 "use Smartcards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1796
 #, no-wrap
 msgid ""
 "pam_p11_allowed_services = +my_pam_service, -login\n"
@@ -2152,7 +2161,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1785
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -2164,63 +2173,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1792 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
+#: sssd.conf.5.xml:1800 sssd-ad.5.xml:645 sssd-ad.5.xml:754 sssd-ad.5.xml:812
 #: sssd-ad.5.xml:870 sssd-ad.5.xml:948
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1797 sssd-ad.5.xml:649
+#: sssd.conf.5.xml:1805 sssd-ad.5.xml:649
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1802 sssd-ad.5.xml:654
+#: sssd.conf.5.xml:1810 sssd-ad.5.xml:654
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1807 sssd-ad.5.xml:659
+#: sssd.conf.5.xml:1815 sssd-ad.5.xml:659
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1812 sssd-ad.5.xml:674
+#: sssd.conf.5.xml:1820 sssd-ad.5.xml:674
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1817 sssd-ad.5.xml:669
+#: sssd.conf.5.xml:1825 sssd-ad.5.xml:669
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1822 sssd-ad.5.xml:679
+#: sssd.conf.5.xml:1830 sssd-ad.5.xml:679
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1827 sssd-ad.5.xml:957
+#: sssd.conf.5.xml:1835 sssd-ad.5.xml:957
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1832 sssd-ad.5.xml:962
+#: sssd.conf.5.xml:1840 sssd-ad.5.xml:962
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1845
 msgid "gnome-screensaver"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1853
 msgid "p11_wait_for_card_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1856
 msgid ""
 "If Smartcard authentication is required how many extra seconds in addition "
 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
@@ -2228,12 +2237,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1859
+#: sssd.conf.5.xml:1867
 msgid "p11_uri (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1862
+#: sssd.conf.5.xml:1870
 msgid ""
 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 "selection of devices used for Smartcard authentication. By default SSSD's "
@@ -2244,7 +2253,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1883
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
@@ -2252,7 +2261,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1887
 #, no-wrap
 msgid ""
 "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
@@ -2260,7 +2269,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1881
 msgid ""
 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
@@ -2269,47 +2278,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1892
+#: sssd.conf.5.xml:1900
 msgid "pam_initgroups_scheme"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1908
 msgid "always"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:1909
 msgid ""
 "Always do an online lookup, please note that pam_id_timeout still applies"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1905
+#: sssd.conf.5.xml:1913
 msgid "no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1906
+#: sssd.conf.5.xml:1914
 msgid ""
 "Only do an online lookup if there is no active session of the user, i.e. if "
 "the user is currently not logged in"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1911
+#: sssd.conf.5.xml:1919
 msgid "never"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1920
 msgid ""
 "Never force an online lookup, use the data from the cache as long as they "
 "are not expired"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1903
 msgid ""
 "The PAM responder can force an online lookup to get the current group "
 "memberships of the user trying to log in. This option controls when this "
@@ -2318,30 +2327,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1919
+#: sssd.conf.5.xml:1927
 msgid "Default: no_session"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1924 sssd.conf.5.xml:4353
+#: sssd.conf.5.xml:1932 sssd.conf.5.xml:4361
 msgid "pam_gssapi_services"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1927
+#: sssd.conf.5.xml:1935
 msgid ""
 "Comma separated list of PAM services that are allowed to try GSSAPI "
 "authentication using pam_sss_gss.so module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:1940
 msgid ""
 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936 sssd.conf.5.xml:1967 sssd.conf.5.xml:2005
+#: sssd.conf.5.xml:1944 sssd.conf.5.xml:1975 sssd.conf.5.xml:2013
 msgid ""
 "Note: This option can also be set per-domain which overwrites the value in "
 "[pam] section. It can also be set for trusted domain which overwrites the "
@@ -2349,7 +2358,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1952
 #, no-wrap
 msgid ""
 "pam_gssapi_services = sudo, sudo-i\n"
@@ -2357,22 +2366,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942 sssd.conf.5.xml:3916
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:3924
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1948
+#: sssd.conf.5.xml:1956
 msgid "Default: - (GSSAPI authentication is disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1953 sssd.conf.5.xml:4354
+#: sssd.conf.5.xml:1961 sssd.conf.5.xml:4362
 msgid "pam_gssapi_check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1956
+#: sssd.conf.5.xml:1964
 msgid ""
 "If True, SSSD will require that the Kerberos user principal that "
 "successfully authenticated through GSSAPI can be associated with the user "
@@ -2380,19 +2389,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1963
+#: sssd.conf.5.xml:1971
 msgid ""
 "If False, every user that is able to obtained required service ticket will "
 "be authenticated."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:1986
 msgid "pam_gssapi_indicators_map"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1981
+#: sssd.conf.5.xml:1989
 msgid ""
 "Comma separated list of authentication indicators required to be present in "
 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
@@ -2400,7 +2409,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1987
+#: sssd.conf.5.xml:1995
 msgid ""
 "Each element of the list can be either an authentication indicator name or a "
 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
@@ -2415,7 +2424,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000
+#: sssd.conf.5.xml:2008
 msgid ""
 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 "</quote> (dash). To disable the check for a specific PAM service, add "
@@ -2423,45 +2432,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2011
+#: sssd.conf.5.xml:2019
 msgid ""
 "Following authentication indicators are supported by IPA Kerberos "
 "deployments:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:2022
 msgid ""
 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 "files or on smart cards."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2025
 msgid ""
 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 "FAST channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2028
 msgid "radius -- pre-authentication with the help of a RADIUS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2031
 msgid ""
 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 "one-time password, OTP) in IPA."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2026
+#: sssd.conf.5.xml:2034
 msgid "idp -- pre-authentication using external identity provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2044
 #, no-wrap
 msgid ""
 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
@@ -2469,7 +2478,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2039
 msgid ""
 "Example: to require access to SUDO services only for users which obtained "
 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
@@ -2477,17 +2486,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2048
 msgid "Default: not set (use of authentication indicators is not required)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2048
+#: sssd.conf.5.xml:2056
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2058
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2498,24 +2507,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2075
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2070
+#: sssd.conf.5.xml:2078
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2082
+#: sssd.conf.5.xml:2090
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2093
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2525,22 +2534,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2104
+#: sssd.conf.5.xml:2112
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2106
+#: sssd.conf.5.xml:2114
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2110
+#: sssd.conf.5.xml:2118
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2113
+#: sssd.conf.5.xml:2121
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2548,51 +2557,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2129
+#: sssd.conf.5.xml:2137
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2131
+#: sssd.conf.5.xml:2139
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2143
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2138
+#: sssd.conf.5.xml:2146
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2155
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:2158
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2154
+#: sssd.conf.5.xml:2162
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2159
+#: sssd.conf.5.xml:2167
 msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162
+#: sssd.conf.5.xml:2170
 msgid ""
 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 "keys derived from the public key of X.509 certificates stored in the user "
@@ -2601,12 +2610,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2177
+#: sssd.conf.5.xml:2185
 msgid "ssh_use_certificate_matching_rules (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2180
+#: sssd.conf.5.xml:2188
 msgid ""
 "By default the ssh responder will use all available certificate matching "
 "rules to filter the certificates so that ssh keys are only derived from the "
@@ -2616,7 +2625,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189
+#: sssd.conf.5.xml:2197
 msgid ""
 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 "all or no rules, respectively. The latter means that no certificates will be "
@@ -2624,7 +2633,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2204
 msgid ""
 "If no rules are configured using 'all_rules' will enable a default rule "
 "which enables all certificates suitable for client authentication.  This is "
@@ -2633,38 +2642,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2211
 msgid ""
 "A non-existing rule name is considered an error.  If as a result no rule is "
 "selected all certificates will be ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2216
 msgid ""
 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 "rule are used"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2222
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2217
+#: sssd.conf.5.xml:2225
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2237
+#: sssd.conf.5.xml:2245
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2247
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2675,7 +2684,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2256
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2686,24 +2695,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2256
+#: sssd.conf.5.xml:2264
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2270
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2266 sssd-ifp.5.xml:66
+#: sssd.conf.5.xml:2274 sssd-ifp.5.xml:66
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2277
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2711,19 +2720,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2275
+#: sssd.conf.5.xml:2283
 msgid ""
 "Default: 0, &sssd_user_name; (only root and SSSD service users are allowed "
 "to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2279
+#: sssd.conf.5.xml:2287
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2283
+#: sssd.conf.5.xml:2291
 msgid ""
 "Please note that defaults will be overwritten with this option. If you still "
 "want to allow the root and/or '&sssd_user_name;' user to access the PAC "
@@ -2732,7 +2741,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2290
+#: sssd.conf.5.xml:2298
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2741,24 +2750,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2307
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2310
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2312
+#: sssd.conf.5.xml:2320
 msgid "pac_check (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2323
 msgid ""
 "Apply additional checks on the PAC of the Kerberos ticket which is available "
 "in Active Directory and FreeIPA domains, if configured. Please note that "
@@ -2769,24 +2778,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2337
 msgid "no_check"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2331
+#: sssd.conf.5.xml:2339
 msgid ""
 "The PAC must not be present and even if it is present no additional checks "
 "will be done."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2337
+#: sssd.conf.5.xml:2345
 msgid "pac_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2347
 msgid ""
 "The PAC must be present in the service ticket which SSSD will request with "
 "the help of the user's TGT. If the PAC is not available the authentication "
@@ -2794,24 +2803,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2347
+#: sssd.conf.5.xml:2355
 msgid "check_upn"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2349
+#: sssd.conf.5.xml:2357
 msgid ""
 "If the PAC is present check if the user principal name (UPN) information is "
 "consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2363
 msgid "check_upn_allow_missing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2365
 msgid ""
 "This option should be used together with 'check_upn' and handles the case "
 "where a UPN is set on the server-side but is not read by SSSD. The typical "
@@ -2823,7 +2832,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2369
+#: sssd.conf.5.xml:2377
 msgid ""
 "Currently this option is set by default to avoid regressions in such "
 "environments. A log message will be added to the system log and SSSD's debug "
@@ -2834,60 +2843,60 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2391
 msgid "upn_dns_info_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2385
+#: sssd.conf.5.xml:2393
 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2390
+#: sssd.conf.5.xml:2398
 msgid "check_upn_dns_info_ex"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2392
+#: sssd.conf.5.xml:2400
 msgid ""
 "If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
 "available check if the information in the extension is consistent."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2399
+#: sssd.conf.5.xml:2407
 msgid "upn_dns_info_ex_present"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2401
+#: sssd.conf.5.xml:2409
 msgid ""
 "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
 "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2333
 msgid ""
 "The following options can be used alone or in a comma-separated list: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2411
+#: sssd.conf.5.xml:2419
 msgid ""
 "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
 "check_upn_dns_info_ex')"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2428
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2422
+#: sssd.conf.5.xml:2430
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2897,66 +2906,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2443
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2439 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:2447 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2446 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2449 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:2462 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:2465 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2466 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:2474 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:2477 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2442 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:2450 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:2489 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:2492 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2964,17 +2973,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:2503 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:2506 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2982,7 +2991,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504 sssd.conf.5.xml:2536 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:2512 sssd.conf.5.xml:2544 sssd-session-recording.5.xml:129
 #: sssd-session-recording.5.xml:161
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
@@ -2991,57 +3000,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2511 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2516 sssd-session-recording.5.xml:141
+#: sssd.conf.5.xml:2524 sssd-session-recording.5.xml:141
 msgid "exclude_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2519 sssd-session-recording.5.xml:144
+#: sssd.conf.5.xml:2527 sssd-session-recording.5.xml:144
 msgid ""
 "A comma-separated list of users to be excluded from recording, only "
 "applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2523 sssd-session-recording.5.xml:148
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:148
 msgid "Default: Empty. No users excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2528 sssd-session-recording.5.xml:153
+#: sssd.conf.5.xml:2536 sssd-session-recording.5.xml:153
 msgid "exclude_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:156
+#: sssd.conf.5.xml:2539 sssd-session-recording.5.xml:156
 msgid ""
 "A comma-separated list of groups, members of which should be excluded from "
 "recording. Only applicable with 'scope=all'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:168
+#: sssd.conf.5.xml:2551 sssd-session-recording.5.xml:168
 msgid "Default: Empty. No groups excluded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2561
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:2560 sssd.conf.5.xml:4044 sssd.conf.5.xml:4045
-#: sssd.conf.5.xml:4048
+#: sssd.conf.5.xml:2568 sssd.conf.5.xml:4052 sssd.conf.5.xml:4053
+#: sssd.conf.5.xml:4056
 msgid "enabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2563
+#: sssd.conf.5.xml:2571
 msgid ""
 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
@@ -3051,12 +3060,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2575
+#: sssd.conf.5.xml:2583
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2586
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -3065,14 +3074,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2586
+#: sssd.conf.5.xml:2594
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2598
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -3081,38 +3090,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2606
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2602
+#: sssd.conf.5.xml:2610
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2614
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2612
+#: sssd.conf.5.xml:2620
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2615
+#: sssd.conf.5.xml:2623
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2628
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -3121,24 +3130,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2627
+#: sssd.conf.5.xml:2635
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2639
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2637
+#: sssd.conf.5.xml:2645
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2640
+#: sssd.conf.5.xml:2648
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -3147,36 +3156,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2648
+#: sssd.conf.5.xml:2656
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2651
+#: sssd.conf.5.xml:2659
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2654 sssd.conf.5.xml:2945 sssd.conf.5.xml:3122
+#: sssd.conf.5.xml:2662 sssd.conf.5.xml:2953 sssd.conf.5.xml:3130
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2657
+#: sssd.conf.5.xml:2665
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2662
+#: sssd.conf.5.xml:2670
 msgid ""
 "Feature is only supported for domains with id_provider = ldap or id_provider "
 "= proxy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2666
+#: sssd.conf.5.xml:2674
 msgid ""
 "Note: Enabling enumeration has a severe performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -3190,14 +3199,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2681
+#: sssd.conf.5.xml:2689
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2686
+#: sssd.conf.5.xml:2694
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -3206,14 +3215,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2694
+#: sssd.conf.5.xml:2702
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2699
+#: sssd.conf.5.xml:2707
 msgid ""
 "Note: the proxy provider is tested with open source modules like "
 "'libnss_files' and 'libnss_ldap'.  3rd party modules must follow the "
@@ -3221,32 +3230,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2708
+#: sssd.conf.5.xml:2716
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2723
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2724
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2719
+#: sssd.conf.5.xml:2727
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2720
+#: sssd.conf.5.xml:2728
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2711
+#: sssd.conf.5.xml:2719
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -3255,19 +3264,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2734
+#: sssd.conf.5.xml:2742
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2737
+#: sssd.conf.5.xml:2745
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2741
+#: sssd.conf.5.xml:2749
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -3278,139 +3287,139 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2762
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2768
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2771
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2767 sssd.conf.5.xml:2780 sssd.conf.5.xml:2793
-#: sssd.conf.5.xml:2806 sssd.conf.5.xml:2820 sssd.conf.5.xml:2833
-#: sssd.conf.5.xml:2847 sssd.conf.5.xml:2861 sssd.conf.5.xml:2874
+#: sssd.conf.5.xml:2775 sssd.conf.5.xml:2788 sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2814 sssd.conf.5.xml:2828 sssd.conf.5.xml:2841
+#: sssd.conf.5.xml:2855 sssd.conf.5.xml:2869 sssd.conf.5.xml:2882
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2773
+#: sssd.conf.5.xml:2781
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776
+#: sssd.conf.5.xml:2784
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2786
+#: sssd.conf.5.xml:2794
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2797
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2799
+#: sssd.conf.5.xml:2807
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2802
+#: sssd.conf.5.xml:2810
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2812
+#: sssd.conf.5.xml:2820
 msgid "entry_cache_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2815
+#: sssd.conf.5.xml:2823
 msgid ""
 "How many seconds should nss_sss consider hosts and networks entries valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:2834
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2829
+#: sssd.conf.5.xml:2837
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2839
+#: sssd.conf.5.xml:2847
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:2850
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2853
+#: sssd.conf.5.xml:2861
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2856
+#: sssd.conf.5.xml:2864
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2867
+#: sssd.conf.5.xml:2875
 msgid "entry_cache_computer_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2870
+#: sssd.conf.5.xml:2878
 msgid ""
 "How many seconds to keep the local computer entry before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2880
+#: sssd.conf.5.xml:2888
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2891
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2888
+#: sssd.conf.5.xml:2896
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache. For users who have performed the initgroups (get group membership for "
@@ -3419,17 +3428,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:2904
 msgid "This option is automatically inherited for all trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2900
+#: sssd.conf.5.xml:2908
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2912
 msgid ""
 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 "has already passed.  If there are existing cached entries, the background "
@@ -3441,18 +3450,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1785
+#: sssd.conf.5.xml:2925 sssd-ldap.5.xml:372 sssd-ldap.5.xml:1789
 #: sssd-ipa.5.xml:270
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:2931
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:2934
 msgid ""
 "Determines if user credentials are also cached in the local LDB cache. The "
 "cached credentials refer to passwords, which includes the first (long term) "
@@ -3463,7 +3472,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2937
+#: sssd.conf.5.xml:2945
 msgid ""
 "Take a note that while credentials are stored as a salted SHA512 hash, this "
 "still potentially poses some security risk in case an attacker manages to "
@@ -3472,12 +3481,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2951
+#: sssd.conf.5.xml:2959
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2954
+#: sssd.conf.5.xml:2962
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3485,19 +3494,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2961
+#: sssd.conf.5.xml:2969
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:2980
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2975
+#: sssd.conf.5.xml:2983
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3506,17 +3515,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2982
+#: sssd.conf.5.xml:2990
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2987
+#: sssd.conf.5.xml:2995
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2998
+#: sssd.conf.5.xml:3006
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3525,28 +3534,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3013
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3011
+#: sssd.conf.5.xml:3019
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3014
+#: sssd.conf.5.xml:3022
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3018
+#: sssd.conf.5.xml:3026
 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3021
+#: sssd.conf.5.xml:3029
 msgid ""
 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3554,7 +3563,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3029
+#: sssd.conf.5.xml:3037
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3562,8 +3571,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3037 sssd.conf.5.xml:3148 sssd.conf.5.xml:3199
-#: sssd.conf.5.xml:3262
+#: sssd.conf.5.xml:3045 sssd.conf.5.xml:3156 sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3270
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3571,8 +3580,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3046 sssd.conf.5.xml:3157 sssd.conf.5.xml:3208
-#: sssd.conf.5.xml:3271
+#: sssd.conf.5.xml:3054 sssd.conf.5.xml:3165 sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3279
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3580,19 +3589,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3065
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3068
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3065
+#: sssd.conf.5.xml:3073
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3601,7 +3610,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3073
+#: sssd.conf.5.xml:3081
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3609,24 +3618,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3080
+#: sssd.conf.5.xml:3088
 msgid ""
 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 "default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3087
+#: sssd.conf.5.xml:3095
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3090
+#: sssd.conf.5.xml:3098
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3093
+#: sssd.conf.5.xml:3101
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3638,7 +3647,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3111
+#: sssd.conf.5.xml:3119
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3646,30 +3655,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3117 sssd.conf.5.xml:3838 sssd-ldap.5.xml:338
+#: sssd.conf.5.xml:3125 sssd.conf.5.xml:3846 sssd-ldap.5.xml:338
 #: sssd-ldap.5.xml:367 sssd-ldap.5.xml:420 sssd-ldap.5.xml:480
 #: sssd-ldap.5.xml:501 sssd-ldap.5.xml:532 sssd-ldap.5.xml:555
 #: sssd-ldap.5.xml:594 sssd-ldap.5.xml:613 sssd-ldap.5.xml:637
-#: sssd-ldap.5.xml:1065 sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1102
 msgid ""
 "This option can be also set per subdomain or inherited via "
 "<emphasis>subdomain_inherit</emphasis>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3127
+#: sssd.conf.5.xml:3135
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3138
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3134 sssd.conf.5.xml:3192
+#: sssd.conf.5.xml:3142 sssd.conf.5.xml:3200
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3677,7 +3686,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3141
+#: sssd.conf.5.xml:3149
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3685,30 +3694,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3173
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3176
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3171
+#: sssd.conf.5.xml:3179
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3177
+#: sssd.conf.5.xml:3185
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3188
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3716,19 +3725,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3186
+#: sssd.conf.5.xml:3194
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3189
+#: sssd.conf.5.xml:3197
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3216
+#: sssd.conf.5.xml:3224
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3737,7 +3746,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3223
+#: sssd.conf.5.xml:3231
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3745,29 +3754,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3230
+#: sssd.conf.5.xml:3238
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3233
+#: sssd.conf.5.xml:3241
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3238
+#: sssd.conf.5.xml:3246
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3241
+#: sssd.conf.5.xml:3249
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3246
+#: sssd.conf.5.xml:3254
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3775,7 +3784,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3254
+#: sssd.conf.5.xml:3262
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3783,35 +3792,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3279
+#: sssd.conf.5.xml:3287
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3283
+#: sssd.conf.5.xml:3291
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3286
+#: sssd.conf.5.xml:3294
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3293
+#: sssd.conf.5.xml:3301
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3296
+#: sssd.conf.5.xml:3304
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3300
+#: sssd.conf.5.xml:3308
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3819,32 +3828,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3308
+#: sssd.conf.5.xml:3316
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3312
+#: sssd.conf.5.xml:3320
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3316
+#: sssd.conf.5.xml:3324
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3319 sssd.conf.5.xml:3405 sssd.conf.5.xml:3470
-#: sssd.conf.5.xml:3495 sssd.conf.5.xml:3531
+#: sssd.conf.5.xml:3327 sssd.conf.5.xml:3413 sssd.conf.5.xml:3478
+#: sssd.conf.5.xml:3503 sssd.conf.5.xml:3539
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3323
+#: sssd.conf.5.xml:3331
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3855,7 +3864,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3338
+#: sssd.conf.5.xml:3346
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3864,12 +3873,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3348
+#: sssd.conf.5.xml:3356
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3351
+#: sssd.conf.5.xml:3359
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3877,7 +3886,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3357
+#: sssd.conf.5.xml:3365
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3885,31 +3894,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3365
+#: sssd.conf.5.xml:3373
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3368
+#: sssd.conf.5.xml:3376
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3374
+#: sssd.conf.5.xml:3382
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3377
+#: sssd.conf.5.xml:3385
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3383
+#: sssd.conf.5.xml:3391
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3917,7 +3926,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3392
+#: sssd.conf.5.xml:3400
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3926,17 +3935,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3401
+#: sssd.conf.5.xml:3409
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3411
+#: sssd.conf.5.xml:3419
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3414
+#: sssd.conf.5.xml:3422
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3944,36 +3953,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3421
+#: sssd.conf.5.xml:3429
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3425
+#: sssd.conf.5.xml:3433
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3429
+#: sssd.conf.5.xml:3437
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3436
+#: sssd.conf.5.xml:3444
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3439
+#: sssd.conf.5.xml:3447
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3443
+#: sssd.conf.5.xml:3451
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3981,7 +3990,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3450
+#: sssd.conf.5.xml:3458
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3989,7 +3998,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3458
+#: sssd.conf.5.xml:3466
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3997,24 +4006,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3467
+#: sssd.conf.5.xml:3475
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3477
+#: sssd.conf.5.xml:3485
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3488
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3484
+#: sssd.conf.5.xml:3492
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -4022,31 +4031,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3492
+#: sssd.conf.5.xml:3500
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3502
+#: sssd.conf.5.xml:3510
 msgid "resolver_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3505
+#: sssd.conf.5.xml:3513
 msgid ""
 "The provider which should handle hosts and networks lookups. Supported "
 "resolver providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3509
+#: sssd.conf.5.xml:3517
 msgid ""
 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 "<quote>proxy_resolver_lib_name</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3513
+#: sssd.conf.5.xml:3521
 msgid ""
 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -4054,7 +4063,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3520
+#: sssd.conf.5.xml:3528
 msgid ""
 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
@@ -4063,12 +4072,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3528
+#: sssd.conf.5.xml:3536
 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3541
+#: sssd.conf.5.xml:3549
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -4078,24 +4087,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3550
+#: sssd.conf.5.xml:3558
 msgid ""
 "Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
 "[^@]+))$</quote> which allows two different styles for user names:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3555 sssd.conf.5.xml:3569
+#: sssd.conf.5.xml:3563 sssd.conf.5.xml:3577
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572
+#: sssd.conf.5.xml:3566 sssd.conf.5.xml:3580
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3563
+#: sssd.conf.5.xml:3571
 msgid ""
 "Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
@@ -4104,19 +4113,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:3575
+#: sssd.conf.5.xml:3583
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3578
+#: sssd.conf.5.xml:3586
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3583
+#: sssd.conf.5.xml:3591
 msgid ""
 "The default re_expression uses the <quote>@</quote> character as a separator "
 "between the name and the domain. As a result of this setting the default "
@@ -4126,89 +4135,89 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3635
+#: sssd.conf.5.xml:3643
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3641
+#: sssd.conf.5.xml:3649
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3644
+#: sssd.conf.5.xml:3652
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3648
+#: sssd.conf.5.xml:3656
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3651
+#: sssd.conf.5.xml:3659
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3654
+#: sssd.conf.5.xml:3662
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3657
+#: sssd.conf.5.xml:3665
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3660
+#: sssd.conf.5.xml:3668
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3663
+#: sssd.conf.5.xml:3671
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3669
+#: sssd.conf.5.xml:3677
 msgid "dns_resolver_server_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3672
+#: sssd.conf.5.xml:3680
 msgid ""
 "Defines the amount of time (in milliseconds)  SSSD would try to talk to DNS "
 "server before trying next DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3677
+#: sssd.conf.5.xml:3685
 msgid ""
 "The AD provider will use this option for the CLDAP ping timeouts as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3681 sssd.conf.5.xml:3701 sssd.conf.5.xml:3722
+#: sssd.conf.5.xml:3689 sssd.conf.5.xml:3709 sssd.conf.5.xml:3730
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3686 sssd-ldap.5.xml:656 include/failover.xml:84
+#: sssd.conf.5.xml:3694 sssd-ldap.5.xml:656 include/failover.xml:84
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3692
+#: sssd.conf.5.xml:3700
 msgid "dns_resolver_op_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3695
+#: sssd.conf.5.xml:3703
 msgid ""
 "Defines the amount of time (in seconds) to wait to resolve single DNS query "
 "(e.g. resolution of a hostname or an SRV record)  before trying the next "
@@ -4216,17 +4225,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3706 include/failover.xml:100
+#: sssd.conf.5.xml:3714 include/failover.xml:100
 msgid "Default: 3"
 msgstr "默认： 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3712
+#: sssd.conf.5.xml:3720
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3715
+#: sssd.conf.5.xml:3723
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -4235,12 +4244,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3733
+#: sssd.conf.5.xml:3741
 msgid "dns_resolver_use_search_list (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3736
+#: sssd.conf.5.xml:3744
 msgid ""
 "Normally, the DNS resolver searches the domain list defined in the "
 "\"search\" directive from the resolv.conf file. This can lead to delays in "
@@ -4248,7 +4257,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3742
+#: sssd.conf.5.xml:3750
 msgid ""
 "If fully qualified domain names (or _srv_) are used in the SSSD "
 "configuration, setting this option to FALSE can prevent unnecessary DNS "
@@ -4256,36 +4265,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3748
+#: sssd.conf.5.xml:3756
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: TRUE"
 msgstr "默认： 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3754
+#: sssd.conf.5.xml:3762
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3757
+#: sssd.conf.5.xml:3765
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3761
+#: sssd.conf.5.xml:3769
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3767
+#: sssd.conf.5.xml:3775
 msgid "failover_primary_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3770
+#: sssd.conf.5.xml:3778
 msgid ""
 "When no primary server is available, SSSD fails over to a backup server. "
 "This option defines the number of seconds SSSD waits before attempting to "
@@ -4293,59 +4302,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3777
+#: sssd.conf.5.xml:3785
 msgid "Note: The minimum value is 31."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3780
+#: sssd.conf.5.xml:3788
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: 31"
 msgstr "默认： 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3786
+#: sssd.conf.5.xml:3794
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3789
+#: sssd.conf.5.xml:3797
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3795
+#: sssd.conf.5.xml:3803
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3802
+#: sssd.conf.5.xml:3810
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3805
+#: sssd.conf.5.xml:3813
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3811
+#: sssd.conf.5.xml:3819
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3813
+#: sssd.conf.5.xml:3821
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3817
+#: sssd.conf.5.xml:3825
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3820
+#: sssd.conf.5.xml:3828
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4353,31 +4362,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3828
+#: sssd.conf.5.xml:3836
 msgid ""
 "If you want to set this value for trusted domain with IPA provider, you need "
 "to set it on both the client and SSSD on the server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3798
+#: sssd.conf.5.xml:3806
 msgid ""
 "Treat user and group names as case sensitive.  Possible option values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3843
+#: sssd.conf.5.xml:3851
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3849
+#: sssd.conf.5.xml:3857
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3852
+#: sssd.conf.5.xml:3860
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4385,104 +4394,104 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3858
+#: sssd.conf.5.xml:3866
 msgid "ldap_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3861
+#: sssd.conf.5.xml:3869
 msgid "ldap_network_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3864
+#: sssd.conf.5.xml:3872
 msgid "ldap_opt_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3867
+#: sssd.conf.5.xml:3875
 msgid "ldap_offline_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3870
+#: sssd.conf.5.xml:3878
 msgid "ldap_enumeration_refresh_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3873
+#: sssd.conf.5.xml:3881
 msgid "ldap_enumeration_refresh_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3876
+#: sssd.conf.5.xml:3884
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3879
+#: sssd.conf.5.xml:3887
 msgid "ldap_purge_cache_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3882
+#: sssd.conf.5.xml:3890
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3886
+#: sssd.conf.5.xml:3894
 msgid "ldap_krb5_ticket_lifetime"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3889
+#: sssd.conf.5.xml:3897
 msgid "ldap_enumeration_search_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3892
+#: sssd.conf.5.xml:3900
 msgid "ldap_connection_expire_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3895
+#: sssd.conf.5.xml:3903
 msgid "ldap_connection_expire_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3898
+#: sssd.conf.5.xml:3906
 msgid "ldap_connection_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3901 sssd-ldap.5.xml:412
+#: sssd.conf.5.xml:3909 sssd-ldap.5.xml:412
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3904
+#: sssd.conf.5.xml:3912
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3907
+#: sssd.conf.5.xml:3915
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3910
+#: sssd.conf.5.xml:3918
 msgid "auto_private_groups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3913
+#: sssd.conf.5.xml:3921
 msgid "case_sensitive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:3918
+#: sssd.conf.5.xml:3926
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4490,27 +4499,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3925
+#: sssd.conf.5.xml:3933
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3932
+#: sssd.conf.5.xml:3940
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3943
+#: sssd.conf.5.xml:3951
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3944
+#: sssd.conf.5.xml:3952
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3935
+#: sssd.conf.5.xml:3943
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4520,34 +4529,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3949
+#: sssd.conf.5.xml:3957
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3953
+#: sssd.conf.5.xml:3961
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3958
+#: sssd.conf.5.xml:3966
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3961
+#: sssd.conf.5.xml:3969
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3967
+#: sssd.conf.5.xml:3975
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3970
+#: sssd.conf.5.xml:3978
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4556,19 +4565,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3978
+#: sssd.conf.5.xml:3986
 msgid ""
 "This option's value is inherited by all trusted domains. At the moment it is "
 "not possible to set a different value per trusted domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3983
+#: sssd.conf.5.xml:3991
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3987
+#: sssd.conf.5.xml:3995
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4576,12 +4585,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3998
+#: sssd.conf.5.xml:4006
 msgid "local_auth_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4001
+#: sssd.conf.5.xml:4009
 msgid ""
 "Local authentication methods policy. Some backends (i.e. LDAP, proxy "
 "provider) only support a password based authentication, while others can "
@@ -4593,7 +4602,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4013
+#: sssd.conf.5.xml:4021
 msgid ""
 "There are three possible values for this option: match, only, enable. "
 "<quote>match</quote> is used to match offline and online states for Kerberos "
@@ -4605,7 +4614,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4026
+#: sssd.conf.5.xml:4034
 msgid ""
 "The following table shows which authentication methods, if configured "
 "properly, are currently enabled or disabled for each backend, with the "
@@ -4613,42 +4622,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4039
+#: sssd.conf.5.xml:4047
 msgid "local_auth_policy = match (default)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4040
+#: sssd.conf.5.xml:4048
 msgid "Passkey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
-#: sssd.conf.5.xml:4041
+#: sssd.conf.5.xml:4049
 msgid "Smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4044 sssd-ldap.5.xml:189
+#: sssd.conf.5.xml:4052 sssd-ldap.5.xml:189
 msgid "IPA"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4047 sssd-ldap.5.xml:194
+#: sssd.conf.5.xml:4055 sssd-ldap.5.xml:194
 msgid "AD"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
-#: sssd.conf.5.xml:4047 sssd.conf.5.xml:4050 sssd.conf.5.xml:4051
+#: sssd.conf.5.xml:4055 sssd.conf.5.xml:4058 sssd.conf.5.xml:4059
 msgid "disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
-#: sssd.conf.5.xml:4050
+#: sssd.conf.5.xml:4058
 msgid "LDAP"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4055
+#: sssd.conf.5.xml:4063
 msgid ""
 "Please note that if local Smartcard authentication is enabled and a "
 "Smartcard is present, Smartcard authentication will be preferred over the "
@@ -4657,7 +4666,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4067
+#: sssd.conf.5.xml:4075
 #, no-wrap
 msgid ""
 "[domain/shadowutils]\n"
@@ -4668,7 +4677,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4063
+#: sssd.conf.5.xml:4071
 msgid ""
 "The following configuration example allows local users to authenticate "
 "locally using any enabled method (i.e. smartcard, passkey).  <placeholder "
@@ -4676,38 +4685,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4075
+#: sssd.conf.5.xml:4083
 msgid ""
 "It is expected that the <quote>files</quote> provider ignores the "
 "local_auth_policy option and supports Smartcard authentication by default."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4080
+#: sssd.conf.5.xml:4088
 #, fuzzy
 #| msgid "Default: 3"
 msgid "Default: match"
 msgstr "默认： 3"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4085
+#: sssd.conf.5.xml:4093
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4091
+#: sssd.conf.5.xml:4099
 msgid "true"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4094
+#: sssd.conf.5.xml:4102
 msgid ""
 "Create user's private group unconditionally from user's UID number.  The GID "
 "number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4098
+#: sssd.conf.5.xml:4106
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -4716,24 +4725,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4107
+#: sssd.conf.5.xml:4115
 msgid "false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4110
+#: sssd.conf.5.xml:4118
 msgid ""
 "Always use the user's primary GID number. The GID number must refer to a "
 "group object in the LDAP database."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4116
+#: sssd.conf.5.xml:4124
 msgid "hybrid"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4119
+#: sssd.conf.5.xml:4127
 msgid ""
 "A primary group is autogenerated for user entries whose UID and GID numbers "
 "have the same value and at the same time the GID number does not correspond "
@@ -4743,14 +4752,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4132
+#: sssd.conf.5.xml:4140
 msgid ""
 "If the UID and GID of a user are different, then the GID must correspond to "
 "a group entry, otherwise the GID is simply not resolvable."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4139
+#: sssd.conf.5.xml:4147
 msgid ""
 "This feature is useful for environments that wish to stop maintaining a "
 "separate group objects for the user private groups, but also wish to retain "
@@ -4758,21 +4767,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4088
+#: sssd.conf.5.xml:4096
 msgid ""
 "This option takes any of three available values: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4151
+#: sssd.conf.5.xml:4159
 msgid ""
 "For subdomains, the default value is False for subdomains that use assigned "
 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4159
+#: sssd.conf.5.xml:4167
 #, no-wrap
 msgid ""
 "[domain/forest.domain/sub.domain]\n"
@@ -4780,7 +4789,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:4165
+#: sssd.conf.5.xml:4173
 #, no-wrap
 msgid ""
 "[domain/forest.domain]\n"
@@ -4789,7 +4798,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4156
+#: sssd.conf.5.xml:4164
 msgid ""
 "The value of auto_private_groups can either be set per subdomains in a "
 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
@@ -4798,7 +4807,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2563
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4806,17 +4815,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4180
+#: sssd.conf.5.xml:4188
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4183
+#: sssd.conf.5.xml:4191
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4186
+#: sssd.conf.5.xml:4194
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here. As an alternative you can "
@@ -4824,12 +4833,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4196
+#: sssd.conf.5.xml:4204
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4199
+#: sssd.conf.5.xml:4207
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4837,12 +4846,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4209
+#: sssd.conf.5.xml:4217
 msgid "proxy_resolver_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4212
+#: sssd.conf.5.xml:4220
 msgid ""
 "The name of the NSS library to use for hosts and networks lookups in proxy "
 "domains. The NSS functions searched for in the library are in the form of "
@@ -4850,12 +4859,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4223
+#: sssd.conf.5.xml:4231
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4226
+#: sssd.conf.5.xml:4234
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4864,12 +4873,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4240
+#: sssd.conf.5.xml:4248
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4243
+#: sssd.conf.5.xml:4251
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4877,19 +4886,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4176
+#: sssd.conf.5.xml:4184
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:4259
+#: sssd.conf.5.xml:4267
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4261
+#: sssd.conf.5.xml:4269
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4906,7 +4915,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4281
+#: sssd.conf.5.xml:4289
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4914,17 +4923,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:4287
+#: sssd.conf.5.xml:4295
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4289
+#: sssd.conf.5.xml:4297
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4292
+#: sssd.conf.5.xml:4300
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4933,7 +4942,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:4306
+#: sssd.conf.5.xml:4314
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4943,7 +4952,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:4314
+#: sssd.conf.5.xml:4322
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4963,12 +4972,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4334
+#: sssd.conf.5.xml:4342
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4336
+#: sssd.conf.5.xml:4344
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4979,69 +4988,69 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4343
+#: sssd.conf.5.xml:4351
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4344
+#: sssd.conf.5.xml:4352
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4345
+#: sssd.conf.5.xml:4353
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4346
+#: sssd.conf.5.xml:4354
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4347
+#: sssd.conf.5.xml:4355
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4348
+#: sssd.conf.5.xml:4356
 msgid "ldap_sasl_mech,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4349
+#: sssd.conf.5.xml:4357
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4350
+#: sssd.conf.5.xml:4358
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4351
+#: sssd.conf.5.xml:4359
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4352 sssd-ipa.5.xml:948
+#: sssd.conf.5.xml:4360 sssd-ipa.5.xml:948
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4356
+#: sssd.conf.5.xml:4364
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4362
+#: sssd.conf.5.xml:4370
 msgid "CERTIFICATE MAPPING SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4364
+#: sssd.conf.5.xml:4372
 msgid ""
 "To allow authentication with Smartcards and certificates SSSD must be able "
 "to map certificates to users. This can be done by adding the full "
@@ -5054,7 +5063,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4378
+#: sssd.conf.5.xml:4386
 msgid ""
 "To make the mapping more flexible mapping and matching rules were added to "
 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
@@ -5062,7 +5071,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4387
+#: sssd.conf.5.xml:4395
 msgid ""
 "A mapping and matching rule can be added to the SSSD configuration in a "
 "section on its own with a name like <quote>[certmap/"
@@ -5071,43 +5080,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4394
+#: sssd.conf.5.xml:4402
 msgid "matchrule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4397
+#: sssd.conf.5.xml:4405
 msgid ""
 "Only certificates from the Smartcard which matches this rule will be "
 "processed, all others are ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4401
+#: sssd.conf.5.xml:4409
 msgid ""
 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 "Extended Key Usage <quote>clientAuth</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4408
+#: sssd.conf.5.xml:4416
 msgid "maprule (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4411
+#: sssd.conf.5.xml:4419
 msgid "Defines how the user is found for a given certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4417
+#: sssd.conf.5.xml:4425
 msgid ""
 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4423
+#: sssd.conf.5.xml:4431
 msgid ""
 "If maprule is not set and provider is <quote>proxy</quote><phrase "
 "condition=\"with_files_provider\"> &nbsp;or <quote>files</quote></phrase>, "
@@ -5115,12 +5124,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4434
+#: sssd.conf.5.xml:4442
 msgid "domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4437
+#: sssd.conf.5.xml:4445
 msgid ""
 "Comma separated list of domain names the rule should be applied. By default "
 "a rule is only valid in the domain configured in sssd.conf. If the provider "
@@ -5129,17 +5138,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4444
+#: sssd.conf.5.xml:4452
 msgid "Default: the configured domain in sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4449
+#: sssd.conf.5.xml:4457
 msgid "priority (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4452
+#: sssd.conf.5.xml:4460
 msgid ""
 "Unsigned integer value defining the priority of the rule. The higher the "
 "number the lower the priority.  <quote>0</quote> stands for the highest "
@@ -5147,26 +5156,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4458
+#: sssd.conf.5.xml:4466
 msgid "Default: the lowest priority"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4464
+#: sssd.conf.5.xml:4472
 msgid ""
 "To make the configuration simple and reduce the amount of configuration "
 "options the <quote>files</quote> provider has some special properties:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4470
+#: sssd.conf.5.xml:4478
 msgid ""
 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 "matching user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4476
+#: sssd.conf.5.xml:4484
 msgid ""
 "if a maprule is used both a single user name or a template like "
 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
@@ -5175,17 +5184,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4485
+#: sssd.conf.5.xml:4493
 msgid "the <quote>domains</quote> option is ignored"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4493
+#: sssd.conf.5.xml:4501
 msgid "PROMPTING CONFIGURATION SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4495
+#: sssd.conf.5.xml:4503
 msgid ""
 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
@@ -5195,7 +5204,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4503
+#: sssd.conf.5.xml:4511
 msgid ""
 "With the growing number of authentication methods and the possibility that "
 "there are multiple ones for a single user the heuristic used by pam_sss to "
@@ -5204,59 +5213,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4515
+#: sssd.conf.5.xml:4523
 msgid "[prompting/password]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4518
+#: sssd.conf.5.xml:4526
 msgid "password_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4519
+#: sssd.conf.5.xml:4527
 msgid "to change the string of the password prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4517
+#: sssd.conf.5.xml:4525
 msgid ""
 "to configure password prompting, allowed options are: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4527
+#: sssd.conf.5.xml:4535
 msgid "[prompting/2fa]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4531
+#: sssd.conf.5.xml:4539
 msgid "first_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4532
+#: sssd.conf.5.xml:4540
 msgid "to change the string of the prompt for the first factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4535
+#: sssd.conf.5.xml:4543
 msgid "second_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4536
+#: sssd.conf.5.xml:4544
 msgid "to change the string of the prompt for the second factor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4539
+#: sssd.conf.5.xml:4547
 msgid "single_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4540
+#: sssd.conf.5.xml:4548
 msgid ""
 "boolean value, if True there will be only a single prompt using the value of "
 "first_prompt where it is expected that both factors are entered as a single "
@@ -5265,7 +5274,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4529
+#: sssd.conf.5.xml:4537
 msgid ""
 "to configure two-factor authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
@@ -5274,7 +5283,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4553
+#: sssd.conf.5.xml:4561
 msgid ""
 "Some clients, such as SSH with 'PasswordAuthentication yes', generate their "
 "own prompts and do not use prompts provided by SSSD or other PAM modules. "
@@ -5285,17 +5294,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4568
+#: sssd.conf.5.xml:4576
 msgid "[prompting/passkey]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:4574 sssd-ad.5.xml:1022
+#: sssd.conf.5.xml:4582 sssd-ad.5.xml:1022
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4576
+#: sssd.conf.5.xml:4584
 msgid ""
 "boolean value, if True prompt a message and wait before testing the presence "
 "of a passkey device.  Recommended if your device doesn’t have a tactile "
@@ -5303,46 +5312,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4584
+#: sssd.conf.5.xml:4592
 msgid "interactive_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4586
+#: sssd.conf.5.xml:4594
 msgid "to change the message of the interactive prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4591
+#: sssd.conf.5.xml:4599
 msgid "touch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4593
+#: sssd.conf.5.xml:4601
 msgid ""
 "boolean value, if True prompt a message to remind the user to touch the "
 "device."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:4599
+#: sssd.conf.5.xml:4607
 msgid "touch_prompt"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4601
+#: sssd.conf.5.xml:4609
 msgid "to change the message of the touch prompt."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:4570
+#: sssd.conf.5.xml:4578
 msgid ""
 "to configure passkey authentication prompting, allowed options are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4510
+#: sssd.conf.5.xml:4518
 msgid ""
 "Each supported authentication method has its own configuration subsection "
 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
@@ -5351,7 +5360,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4612
+#: sssd.conf.5.xml:4620
 msgid ""
 "It is possible to add a subsection for specific PAM services, e.g. "
 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
@@ -5359,12 +5368,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:4619 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:4627 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4625
+#: sssd.conf.5.xml:4633
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -5393,7 +5402,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4621
+#: sssd.conf.5.xml:4629
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -5402,7 +5411,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4657
+#: sssd.conf.5.xml:4665
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -5410,7 +5419,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4651
+#: sssd.conf.5.xml:4659
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -5421,7 +5430,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:4668
+#: sssd.conf.5.xml:4676
 #, no-wrap
 msgid ""
 "[certmap/my.domain/rule_name]\n"
@@ -5432,7 +5441,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:4662
+#: sssd.conf.5.xml:4670
 msgid ""
 "3. The following example shows the configuration of a certificate mapping "
 "rule. It is valid for the configured domain <quote>my.domain</quote> and "
@@ -6015,7 +6024,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1760
+#: sssd-ldap.5.xml:599 sssd-ldap.5.xml:642 sssd-ldap.5.xml:1764
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
@@ -6102,20 +6111,23 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:695
 msgid ""
-"Active Directory limits the number of members to be retrieved in a single "
-"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-"group contains more members, the reply would include an AD-specific range "
-"extension. This option disables parsing of the range extension, therefore "
-"large groups will appear as having no members."
+"Active Directory limits the number of members that can be retrieved in a "
+"single lookup using the MaxValRange policy, which defaults to 1500 members. "
+"If a group contains more than 1500 members, the reply includes an AD-"
+"specific range extension. When enabled, this option prevents SSSD from "
+"parsing the range extension. As a result large groups will appear as they "
+"have no members.  This option does not enable SSSD to read subsequent "
+"ranges. To retrieve all members of a group, you must increase the "
+"MaxValRange setting in Active Directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:710
+#: sssd-ldap.5.xml:714
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:713
+#: sssd-ldap.5.xml:717
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6123,17 +6135,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:719 sssd-ldap.5.xml:735
+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:739
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:726
+#: sssd-ldap.5.xml:730
 msgid "ldap_sasl_maxssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:729
+#: sssd-ldap.5.xml:733
 msgid ""
 "When communicating with an LDAP server using SASL, specify the maximal "
 "security level necessary to establish the connection. The values of this "
@@ -6141,12 +6153,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:746
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#: sssd-ldap.5.xml:749
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6154,7 +6166,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:751
+#: sssd-ldap.5.xml:755
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0. "
 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
@@ -6165,7 +6177,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:766
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6174,7 +6186,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:770
+#: sssd-ldap.5.xml:774
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6182,12 +6194,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:783
+#: sssd-ldap.5.xml:787
 msgid "ldap_ignore_unreadable_references (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786
+#: sssd-ldap.5.xml:790
 msgid ""
 "Ignore unreadable LDAP entries referenced in group's member attribute. If "
 "this parameter is set to false an error will be returned and the operation "
@@ -6195,7 +6207,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:797
 msgid ""
 "This parameter may be useful when using the AD provider and the computer "
 "account that sssd uses to connect to AD does not have access to a particular "
@@ -6203,26 +6215,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:809
+#: sssd-ldap.5.xml:813
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:815
+#: sssd-ldap.5.xml:819
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:823
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6230,7 +6242,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:826
+#: sssd-ldap.5.xml:830
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6238,7 +6250,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:836
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6246,41 +6258,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:842
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:846
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:848
+#: sssd-ldap.5.xml:852
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:855
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:856 sssd-ldap.5.xml:875 sssd-ldap.5.xml:916
+#: sssd-ldap.5.xml:860 sssd-ldap.5.xml:879 sssd-ldap.5.xml:920
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:867
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:870
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6290,32 +6302,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:886
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:889
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:899
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:902
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:907
+#: sssd-ldap.5.xml:911
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:910
+#: sssd-ldap.5.xml:914
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6323,12 +6335,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:923
+#: sssd-ldap.5.xml:927
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:930
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel.  <emphasis>true</"
@@ -6336,12 +6348,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:941
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:944
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6349,17 +6361,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:950
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:956
+#: sssd-ldap.5.xml:960
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:959
+#: sssd-ldap.5.xml:963
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6370,24 +6382,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:975
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:981
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:984
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 "tested and supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:988
 msgid ""
 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 "automatically inherited to the sub-domains. If a different value is needed "
@@ -6398,12 +6410,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1004
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1016
 #, no-wrap
 msgid ""
 "hostname@REALM\n"
@@ -6416,7 +6428,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003
+#: sssd-ldap.5.xml:1007
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 "this represents the Kerberos principal used for authentication to the "
@@ -6428,17 +6440,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1027
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1033
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1036
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6446,49 +6458,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1042
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1048
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1051
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1052
+#: sssd-ldap.5.xml:1056
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1062
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1061
+#: sssd-ldap.5.xml:1065
 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070 sssd-krb5.5.xml:247
+#: sssd-ldap.5.xml:1074 sssd-krb5.5.xml:247
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1076
+#: sssd-ldap.5.xml:1080
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1079
+#: sssd-ldap.5.xml:1083
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6496,28 +6508,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1095
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1098
 msgid ""
 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103 sssd-ad.5.xml:1256
+#: sssd-ldap.5.xml:1107 sssd-ad.5.xml:1256
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1109 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1113 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1116
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6529,7 +6541,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1128 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6537,7 +6549,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1129 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1133 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6545,39 +6557,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1138 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1142 sssd-ipa.5.xml:595 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1145
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1149
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1151 include/krb5_options.xml:154
+#: sssd-ldap.5.xml:1155 include/krb5_options.xml:154
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1158
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:336
+#: sssd-ldap.5.xml:1170 sssd-krb5.5.xml:336
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169 sssd-krb5.5.xml:339
+#: sssd-ldap.5.xml:1173 sssd-krb5.5.xml:339
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6587,7 +6599,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180 sssd-krb5.5.xml:350
+#: sssd-ldap.5.xml:1184 sssd-krb5.5.xml:350
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6595,26 +6607,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1198
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1201
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1202
+#: sssd-ldap.5.xml:1206
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1207
+#: sssd-ldap.5.xml:1211
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6623,7 +6635,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1219
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6631,31 +6643,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1228
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1236
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1239
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1243
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1244
+#: sssd-ldap.5.xml:1248
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6668,51 +6680,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1267
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1270
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1270
+#: sssd-ldap.5.xml:1274
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1280
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1283
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1284
+#: sssd-ldap.5.xml:1288
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1290
+#: sssd-ldap.5.xml:1294
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1297
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1303
 msgid ""
 "It is recommend to set this option explicitly if \"ldap_pwd_policy = "
 "shadow\" is used to let SSSD know if the LDAP server will update "
@@ -6721,12 +6733,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1317
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1316
+#: sssd-ldap.5.xml:1320
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6742,12 +6754,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1336
+#: sssd-ldap.5.xml:1340
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1339
+#: sssd-ldap.5.xml:1343
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6756,14 +6768,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1343
+#: sssd-ldap.5.xml:1347
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1352
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6772,24 +6784,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356 sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1416
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1362
+#: sssd-ldap.5.xml:1366
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1365
+#: sssd-ldap.5.xml:1369
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1369
+#: sssd-ldap.5.xml:1373
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6797,19 +6809,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1376
+#: sssd-ldap.5.xml:1380
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1383
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1388
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6818,7 +6830,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1395
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6826,7 +6838,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1397
+#: sssd-ldap.5.xml:1401
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6835,7 +6847,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1409
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6843,22 +6855,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1422
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421 sssd-ipa.5.xml:420
+#: sssd-ldap.5.xml:1425 sssd-ipa.5.xml:420
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1429
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1428
+#: sssd-ldap.5.xml:1432
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6868,14 +6880,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1442
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1445
+#: sssd-ldap.5.xml:1449
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6888,12 +6900,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1462
+#: sssd-ldap.5.xml:1466
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466 sssd-ipa.5.xml:428
+#: sssd-ldap.5.xml:1470 sssd-ipa.5.xml:428
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6903,31 +6915,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476 sssd-ipa.5.xml:438
+#: sssd-ldap.5.xml:1480 sssd-ipa.5.xml:438
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:443
+#: sssd-ldap.5.xml:1485 sssd-ipa.5.xml:443
 msgid "pwd_expire_policy_reject - user is denied to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1487 sssd-ipa.5.xml:449
+#: sssd-ldap.5.xml:1491 sssd-ipa.5.xml:449
 msgid "pwd_expire_policy_warn - user is still able to log in,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ldap.5.xml:1493 sssd-ipa.5.xml:455
+#: sssd-ldap.5.xml:1497 sssd-ipa.5.xml:455
 msgid ""
 "pwd_expire_policy_renew - user is prompted to change their password "
 "immediately."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1505
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to shadow or mit_kerberos, these "
@@ -6935,50 +6947,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1511
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512
+#: sssd-ldap.5.xml:1516
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1516
+#: sssd-ldap.5.xml:1520
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1524
 msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1529
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1532
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1539
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1542
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -6987,74 +6999,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1550
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1553
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1559
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1562
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1567
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1571
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572
+#: sssd-ldap.5.xml:1576
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1581
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1586
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1594
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1593
+#: sssd-ldap.5.xml:1597
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1601
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7065,7 +7077,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1608
+#: sssd-ldap.5.xml:1612
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7073,58 +7085,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1620 sssd-ifp.5.xml:152
+#: sssd-ldap.5.xml:1624 sssd-ifp.5.xml:152
 msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1627
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627
+#: sssd-ldap.5.xml:1631
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1635
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1641
 msgid "ldap_library_debug_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1640
+#: sssd-ldap.5.xml:1644
 msgid ""
 "Switches on libldap debugging with the given level.  The libldap debug "
 "messages will be written independent of the general debug_level."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1649
 msgid ""
 "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
 "enable full debug output."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1654
 msgid "Default: 0 (libldap debugging disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1660
 msgid "ldap_use_ppolicy (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1663
 msgid ""
 "Turns on requesting and relying on the server-side password policy controls. "
 "Disabling this allows interacting with services which send back invalid "
@@ -7132,12 +7144,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1671
+#: sssd-ldap.5.xml:1675
 msgid "ldap_ppolicy_pwd_change_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1678
 msgid ""
 "Forces a password change when server side password policy controls are "
 "enabled and remaining grace logins returned by the server after the "
@@ -7160,12 +7172,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1694
+#: sssd-ldap.5.xml:1698
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1700
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7173,43 +7185,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707
+#: sssd-ldap.5.xml:1711
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1714
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1715
+#: sssd-ldap.5.xml:1719
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1720
+#: sssd-ldap.5.xml:1724
 msgid ""
 "You can disable full refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1729
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1731
+#: sssd-ldap.5.xml:1735
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734
+#: sssd-ldap.5.xml:1738
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest "
@@ -7217,14 +7229,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1744
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1744
+#: sssd-ldap.5.xml:1748
 msgid ""
 "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
 "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
@@ -7234,19 +7246,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1759
 msgid ""
 "You can disable smart refresh by setting this option to 0. However, either "
 "smart or full refresh must be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:1770
 msgid "ldap_sudo_random_offset (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1773
 msgid ""
 "Random offset between 0 and configured value is added to smart and full "
 "refresh periods each time the periodic task is scheduled. The value is in "
@@ -7254,7 +7266,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1779
 msgid ""
 "Note that this random offset is also applied on the first SSSD start which "
 "delays the first sudo rules refresh. This prolongs the time when the sudo "
@@ -7262,106 +7274,106 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1785
 msgid "You can disable this offset by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1795
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1798
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1805
+#: sssd-ldap.5.xml:1809
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:1812
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1813
+#: sssd-ldap.5.xml:1817
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1818 sssd-ldap.5.xml:1841 sssd-ldap.5.xml:1859
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1822 sssd-ldap.5.xml:1845 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1881
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1823 sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1827 sssd-ldap.5.xml:1850
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1833
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1836
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1841
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1856
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1855
+#: sssd-ldap.5.xml:1859
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1874
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1877
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1887
 msgid ""
 "Using wildcard is an operation that is very costly to evaluate on the LDAP "
 "server side!"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1899
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7370,59 +7382,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1909
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1907
+#: sssd-ldap.5.xml:1911
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1917
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1916
+#: sssd-ldap.5.xml:1920
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1919
+#: sssd-ldap.5.xml:1923
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:1934
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1941
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1942
+#: sssd-ldap.5.xml:1946
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1951
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:1956
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1958
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -7431,22 +7443,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:1961
+#: sssd-ldap.5.xml:1965
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1967
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1972
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1936
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7455,14 +7467,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1983 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
+#: sssd-ldap.5.xml:1987 sssd-simple.5.xml:131 sssd-ipa.5.xml:994
 #: sssd-ad.5.xml:1459 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1989
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7470,7 +7482,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:1995
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7483,7 +7495,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2008 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:1994 sssd-ldap.5.xml:2012 sssd-simple.5.xml:139
 #: sssd-ipa.5.xml:1002 sssd-ad.5.xml:1467 sssd-sudo.5.xml:56
 #: sssd-krb5.5.xml:492 sssd-files.5.xml:162 sssd-files.5.xml:173
 #: sssd-session-recording.5.xml:182 include/ldap_id_mapping.xml:105
@@ -7491,19 +7503,19 @@ msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2006
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2008
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2013
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7519,13 +7531,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2024 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2028 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1482 sssd.8.xml:270 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2030
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7580,7 +7592,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
-#: sss_ssh_knownhosts.1.xml:56 sss_ssh_knownhostsproxy.1.xml:72
+#: sss_ssh_knownhosts.1.xml:59 sss_ssh_knownhostsproxy.1.xml:72
 msgid "OPTIONS"
 msgstr "选项"
 
@@ -12439,7 +12451,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:113
+#: sssd.8.xml:223 sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhosts.1.xml:116
 #: sss_ssh_knownhostsproxy.1.xml:112
 msgid "EXIT STATUS"
 msgstr ""
@@ -12571,7 +12583,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
-#: sss_ssh_knownhosts.1.xml:60 sss_ssh_knownhostsproxy.1.xml:88
+#: sss_ssh_knownhosts.1.xml:63 sss_ssh_knownhostsproxy.1.xml:88
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -14315,19 +14327,24 @@ msgid ""
 "manvolnum> </citerefentry> man page for more details about this option."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhosts.1.xml:54
+msgid "This tool requires that SSSD's ssh service is enabled to work properly."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:65 sss_ssh_knownhostsproxy.1.xml:93
+#: sss_ssh_knownhosts.1.xml:68 sss_ssh_knownhostsproxy.1.xml:93
 msgid ""
 "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_ssh_knownhosts.1.xml:72
+#: sss_ssh_knownhosts.1.xml:75
 msgid "<option>-o</option>,<option>--only-host-name</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_knownhosts.1.xml:76
+#: sss_ssh_knownhosts.1.xml:79
 msgid ""
 "When the keys retrieved from the backend do not include the hostname, this "
 "tool will add the unmodified hostname as provided by the caller. If this "
@@ -14335,12 +14352,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_knownhosts.1.xml:88
+#: sss_ssh_knownhosts.1.xml:91
 msgid "KEY RETRIEVAL"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:90
+#: sss_ssh_knownhosts.1.xml:93
 msgid ""
 "The key lines retrieved from the backend are expected to respect the key "
 "format as decribed in the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
@@ -14354,7 +14371,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_knownhosts.1.xml:107
+#: sss_ssh_knownhosts.1.xml:110
 #, no-wrap
 msgid ""
 "                [canonical.host.name]:2222 &lt;keytype&gt; &lt;base64-encoded key&gt;\n"
@@ -14362,7 +14379,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:102
+#: sss_ssh_knownhosts.1.xml:105
 msgid ""
 "When the SSH server is listening on a non-default port, the backend MUST "
 "provide the hostname including the port number in the correct format and "
@@ -14371,10 +14388,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_knownhosts.1.xml:115
+#: sss_ssh_knownhosts.1.xml:118
 msgid ""
-"In case of successful execution, even if no key was found, 0 is returned. 1 "
-"is returned in case of error."
+"In case of successful execution, even if no key was found for that host or "
+"if the ssh responder could not be contacted, 0 is returned.  1 is returned "
+"in case of any other error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>