[freeipa] Update translations from transifex
Petr Viktorin
pviktori at fedoraproject.org
Thu Sep 26 11:11:19 UTC 2013
commit 404a6dfdfcef2d6144f245c3ed6dca4b0f37fcfe
Author: Petr Viktorin <pviktori at redhat.com>
Date: Thu Sep 26 12:12:13 2013 +0200
Update translations from transifex
0001-Update-translations.patch | 5358 ++++++++++++++++++++++++++++++++++++++++
freeipa.spec | 2 +
2 files changed, 5360 insertions(+), 0 deletions(-)
---
diff --git a/0001-Update-translations.patch b/0001-Update-translations.patch
new file mode 100644
index 0000000..ed731e0
--- /dev/null
+++ b/0001-Update-translations.patch
@@ -0,0 +1,5358 @@
+From a47dbcb21165ff4d18ba17c7837f99263f94b845 Mon Sep 17 00:00:00 2001
+From: Petr Viktorin <pviktori at redhat.com>
+Date: Thu, 26 Sep 2013 11:02:25 +0200
+Subject: [PATCH] Update translations from Transifex
+
+---
+ install/po/bn_IN.po | 6 +-
+ install/po/ca.po | 6 +-
+ install/po/cs.po | 6 +-
+ install/po/de.po | 6 +-
+ install/po/es.po | 140 +++-
+ install/po/eu.po | 6 +-
+ install/po/fr.po | 1941 ++++++++++++++++++++++++++++++++++++++++++++++++++-
+ install/po/id.po | 6 +-
+ install/po/ipa.pot | 1137 +++++++++++++++---------------
+ install/po/ja.po | 6 +-
+ install/po/kn.po | 6 +-
+ install/po/nl.po | 6 +-
+ install/po/pl.po | 6 +-
+ install/po/ru.po | 6 +-
+ install/po/tg.po | 6 +-
+ install/po/uk.po | 6 +-
+ install/po/zh_CN.po | 6 +-
+ 17 files changed, 2691 insertions(+), 611 deletions(-)
+
+diff --git a/install/po/bn_IN.po b/install/po/bn_IN.po
+index 8cd115a0ee840d7bd20680a881d9a3a606665f86..d1061081d85982146304912807026c4d4835bea6 100644
+--- a/install/po/bn_IN.po
++++ b/install/po/bn_IN.po
+@@ -8,16 +8,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Bengali (India) <anubad at lists.ankur.org.in>\n"
+-"Language: bn_IN\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: bn_IN\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+ msgid "Passwords do not match"
+diff --git a/install/po/ca.po b/install/po/ca.po
+index 502fbc6e051854fc02d0eecf5ba32f29f1e6172c..bd1c112a0783c4d198c426bdd885525c5b57e5d5 100644
+--- a/install/po/ca.po
++++ b/install/po/ca.po
+@@ -7,16 +7,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Catalan <fedora at llistes.softcatala.org>\n"
+-"Language: ca\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: ca\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+ msgid "Passwords do not match"
+diff --git a/install/po/cs.po b/install/po/cs.po
+index ba933a5f487afe6731476f3b75ebcd1ede1a2ec2..31ac931321c00a8f8ec1225c3a4b9770b0d853e5 100644
+--- a/install/po/cs.po
++++ b/install/po/cs.po
+@@ -7,17 +7,17 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/"
+ "cs/)\n"
+-"Language: cs\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: cs\n"
+ "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
+
+ #, python-format
+diff --git a/install/po/de.po b/install/po/de.po
+index 5f8b6968973ba4e177d6a0699ac8be0bffd345c0..ec5024667fdf2c354e0665fbe2a6289240d74867 100644
+--- a/install/po/de.po
++++ b/install/po/de.po
+@@ -8,16 +8,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: German <trans-de at lists.fedoraproject.org>\n"
+-"Language: de\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: de\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+ #, python-format
+diff --git a/install/po/es.po b/install/po/es.po
+index 783bc3c874a679b5932e13e5b862ca1f2ac96c2e..abca24c4aebc323d5ab9cd1e318565d6d9623d13 100644
+--- a/install/po/es.po
++++ b/install/po/es.po
+@@ -3,6 +3,7 @@
+ # This file is distributed under the same license as the PACKAGE package.
+ #
+ # Translators:
++# Adolfo Jayme Barrientos <fitoschido at ubuntu.com>, 2013
+ # Eduardo Villagrán M <gotencool at gmail.com>, 2012
+ # vareli <ehespinosa at ya.com>, 2013
+ # Gladys Guerrero <gguerrer at redhat.com>, 2011
+@@ -13,16 +14,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+-"PO-Revision-Date: 2013-08-01 14:06+0000\n"
+-"Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
++"PO-Revision-Date: 2013-09-20 06:46+0000\n"
++"Last-Translator: Adolfo Jayme Barrientos <fitoschido at ubuntu.com>\n"
+ "Language-Team: Spanish <trans-es at lists.fedoraproject.org>\n"
+-"Language: es\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: es\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+ #, python-format
+@@ -103,6 +104,10 @@ msgid "Client is not configured. Run ipa-client-install."
+ msgstr "El cliente no está configurado. Ejecutar la API de cliente a instalar."
+
+ #, python-format
++msgid "Could not get %(name)s interactively"
++msgstr "No se pudo obtener %(name)s interactivamente"
++
++#, python-format
+ msgid "%(reason)s"
+ msgstr "%(reason)s"
+
+@@ -276,6 +281,15 @@ msgstr "Una lista de entradas LDAP"
+ msgid "All commands should at least have a result"
+ msgstr "Todos los comandos deberían por lo menos tener un resultado"
+
++msgid "Number of entries returned"
++msgstr "Cantidad de entradas devueltas"
++
++msgid "List of deletions that failed"
++msgstr "Lista de eliminaciones fallidas"
++
++msgid "True means the operation was successful"
++msgstr "«Verdadero» significa que la operación fue exitosa"
++
+ msgid "incorrect type"
+ msgstr "tipo incorrecto"
+
+@@ -1409,22 +1423,50 @@ msgid "invalid IP network format"
+ msgstr "formato no válido de red IP"
+
+ #, python-format
++msgid "invalid domain-name: %s"
++msgstr "nombre de dominio no válido: %s"
++
++#, python-format
+ msgid "DNS reverse zone for IP address %(addr)s not found"
+ msgstr "Zona invertida DNS para dirección IP %(addr)s no encontrada"
+
+ #, python-format
+ msgid "DNS zone %(zone)s not found"
+ msgstr "Zona DNS %(zone)s no encontrado"
+
++msgid "Invalid number of parts!"
++msgstr "El número de partes no es válido."
++
+ msgid "IP Address"
+ msgstr "Dirección IP"
+
++msgid "Subtype"
++msgstr "Subtipo"
++
+ msgid "Hostname"
+ msgstr "Nombre del equipo anfitrión"
+
++msgid "Certificate Type"
++msgstr "Tipo de certificado"
++
++msgid "Algorithm"
++msgstr "Algoritmo"
++
++msgid "Certificate/CRL"
++msgstr "Certificado/CRL"
++
+ msgid "Target"
+ msgstr "Meta"
+
++msgid "Protocol"
++msgstr "Protocolo"
++
++msgid "Public Key"
++msgstr "Clave pública"
++
++msgid "Preference"
++msgstr "Preferencia"
++
+ msgid ""
+ "format must be specified as\n"
+ " \"d1 [m1 [s1]] {\"N\"|\"S\"} d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] "
+@@ -1452,9 +1494,45 @@ msgstr ""
+ msgid "Service"
+ msgstr "Servicio"
+
++msgid "Regular Expression"
++msgstr "Expresión regular"
++
+ msgid "Priority"
+ msgstr "Prioridad"
+
++msgid "Port"
++msgstr "Puerto"
++
++msgid "Labels"
++msgstr "Etiquetas"
++
++msgid "Original TTL"
++msgstr "TTL original"
++
++msgid "Signature Expiration"
++msgstr "Caducidad de la firma"
++
++msgid "Signer's Name"
++msgstr "Nombre del firmante"
++
++msgid "Signature"
++msgstr "Firma"
++
++msgid "Fingerprint Type"
++msgstr "Tipo de huella digital"
++
++msgid "Fingerprint"
++msgstr "Huella digital"
++
++msgid "Text Data"
++msgstr "Datos de texto"
++
++msgid "Records"
++msgstr "Registros"
++
++msgid "Record type"
++msgstr "Tipo de registro"
++
+ #, python-format
+ msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record"
+ msgstr ""
+@@ -1615,6 +1693,9 @@ msgstr "Clase"
+ msgid "DNS class"
+ msgstr "Clase DNS"
+
++msgid "Structured"
++msgstr "Estructurado"
++
+ #, python-format
+ msgid ""
+ "Reverse zone for PTR record should be a sub-zone of one the following fully "
+@@ -1654,6 +1735,10 @@ msgstr ""
+ msgid "Delete all associated records"
+ msgstr "Eliminar todos los registros asociados"
+
++#, python-format
++msgid "Zone record '%s' cannot be deleted"
++msgstr "No se puede eliminar el registro de zona «%s»"
++
+ msgid "No option to delete specific record provided."
+ msgstr "Ninguna opción para borrar un registro en concreto especificado."
+
+@@ -2059,6 +2144,9 @@ msgstr "Borrar miembros de un grupo de servicio HBAC."
+ msgid "Simulate use of Host-based access controls"
+ msgstr "Simular el uso de controles de acceso basados en Host"
+
++msgid "Warning"
++msgstr "Aviso"
++
+ msgid "Matched rules"
+ msgstr "Reglas coincidentes"
+
+@@ -2161,6 +2249,9 @@ msgstr "Certificado del servidor codificado con base-64"
+ msgid "Principal name"
+ msgstr "Nombre principal"
+
++msgid "MAC address"
++msgstr "Dirección MAC"
++
+ msgid "Add a new host."
+ msgstr "Añadir un n uevo host."
+
+@@ -2202,6 +2293,9 @@ msgstr "Ha sido modificado el equipo \"%(value)s\""
+ msgid "Kerberos principal name for this host"
+ msgstr "Nombre del prinicpal de Kerberos para este equipo"
+
++msgid "Update DNS entries"
++msgstr "Actualizar las entradas DNS"
++
+ msgid "Password cannot be set on enrolled host."
+ msgstr "La contraseña no puede ser fijada en el host matriculado."
+
+@@ -2400,6 +2494,15 @@ msgstr "Cancelar"
+ msgid "Close"
+ msgstr "Cerrar"
+
++msgid "Disable"
++msgstr "Desactivar"
++
++msgid "Edit"
++msgstr "Editar"
++
++msgid "Enable"
++msgstr "Activar"
++
+ msgid "Find"
+ msgstr "Buscar"
+
+@@ -2412,6 +2515,9 @@ msgstr "Tema"
+ msgid "OK"
+ msgstr "Aceptar"
+
++msgid "Refresh"
++msgstr "Actualizar"
++
+ msgid "Delete"
+ msgstr "Eliminar"
+
+@@ -2427,6 +2533,9 @@ msgstr "Reintentar"
+ msgid "Revoke"
+ msgstr "Revocar"
+
++msgid "Set"
++msgstr "Definir"
++
+ msgid "Update"
+ msgstr "Actualizar"
+
+@@ -2475,6 +2584,9 @@ msgstr "Esta página tiene cambios sin guardar. Por favor, guardar o deshacer."
+ msgid "Unsaved Changes"
+ msgstr "Cambios No Guardados"
+
++msgid "Edit ${entity}"
++msgstr "Editar ${entity}"
++
+ msgid "Hide details"
+ msgstr "Esconder detalles"
+
+@@ -2544,6 +2656,9 @@ msgstr "Nombre de usuario"
+ msgid "Attribute"
+ msgstr "Atributo"
+
++msgid "Add Rule"
++msgstr "Añadir una regla"
++
+ msgid "Automount Location Settings"
+ msgstr "Configuración de ubicación de automount"
+
+@@ -2921,6 +3036,9 @@ msgstr "Información del Empleado"
+ msgid "Error changing account status"
+ msgstr "Error al cambiar el estado de cuenta"
+
++msgid "Password expiration"
++msgstr "Caducidad de la contraseña"
++
+ msgid "Mailing Address"
+ msgstr "Dirección de correo"
+
+@@ -2980,6 +3098,9 @@ msgstr ""
+ msgid "Unselect All"
+ msgstr "Anular selección"
+
++msgid "Disabled"
++msgstr "Desactivado"
++
+ msgid "Audit"
+ msgstr "Auditoría"
+
+@@ -3028,6 +3149,15 @@ msgstr "El texto no coincide con el patrón de campo"
+ msgid "Must be an integer"
+ msgstr "Debe ser un entero"
+
++msgid "Not a valid IP address"
++msgstr "No es una dirección IP válida"
++
++msgid "Not a valid IPv4 address"
++msgstr "No es una dirección IPv4 válida"
++
++msgid "Not a valid IPv6 address"
++msgstr "No es una dirección IPv6 válida"
++
+ msgid "Maximum value is ${value}"
+ msgstr "Valor máximo es ${value}"
+
+diff --git a/install/po/eu.po b/install/po/eu.po
+index bad3c8484c93871a47c7706e2ebeb19af6a396f3..9a65d66463168b50298bb6da3390f065c8e57f83 100644
+--- a/install/po/eu.po
++++ b/install/po/eu.po
+@@ -7,17 +7,17 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Basque (http://www.transifex.com/projects/p/fedora/language/"
+ "eu/)\n"
+-"Language: eu\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: eu\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+ #, c-format
+diff --git a/install/po/fr.po b/install/po/fr.po
+index 9b0029d112de34a04ed207987a327e5b69c45826..22ae41f53dae55d54efb4969659f69b820624401 100644
+--- a/install/po/fr.po
++++ b/install/po/fr.po
+@@ -4,22 +4,25 @@
+ #
+ # Translators:
+ # Automatically generated, 2010
++# Dralyab <geodebay at gmail.com>, 2013
++# Dralyab <geodebay at gmail.com>, 2013
++# Gé Baylard <<Geodebay at gmail.com>>, 2013
+ # Jérôme Fenal <jfenal at gmail.com>, 2011-2013
+ # Jérôme Fenal <jfenal at gmail.com>, 2011
+ # Petr Viktorin <encukou at gmail.com>, 2013
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+-"PO-Revision-Date: 2013-08-02 08:48+0000\n"
+-"Last-Translator: Jérôme Fenal <jfenal at gmail.com>\n"
++"PO-Revision-Date: 2013-08-16 17:26+0000\n"
++"Last-Translator: Dralyab <geodebay at gmail.com>\n"
+ "Language-Team: French <trans-fr at lists.fedoraproject.org>\n"
+-"Language: fr\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: fr\n"
+ "Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+ #, python-format
+@@ -1796,6 +1799,178 @@ msgstr ""
+ msgid "Nested Methods to execute"
+ msgstr "Commandes imbriquées à exécuter"
+
++msgid ""
++"\n"
++"IPA certificate operations\n"
++"\n"
++"Implements a set of commands for managing server SSL certificates.\n"
++"\n"
++"Certificate requests exist in the form of a Certificate Signing Request "
++"(CSR)\n"
++"in PEM format.\n"
++"\n"
++"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n"
++"subject to values configured in the server.\n"
++"\n"
++"A certificate is stored with a service principal and a service principal\n"
++"needs a host.\n"
++"\n"
++"In order to request a certificate:\n"
++"\n"
++"* The host must exist\n"
++"* The service must exist (or you use the --add option to automatically add "
++"it)\n"
++"\n"
++"SEARCHING:\n"
++"\n"
++"Certificates may be searched on by certificate subject, serial number,\n"
++"revocation reason, validity dates and the issued date.\n"
++"\n"
++"When searching on dates the _from date does a >= search and the _to date\n"
++"does a <= search. When combined these are done as an AND.\n"
++"\n"
++"Dates are treated as GMT to match the dates in the certificates.\n"
++"\n"
++"The date format is YYYY-mm-dd.\n"
++"\n"
++"EXAMPLES:\n"
++"\n"
++" Request a new certificate and add the principal:\n"
++" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
++"\n"
++" Retrieve an existing certificate:\n"
++" ipa cert-show 1032\n"
++"\n"
++" Revoke a certificate (see RFC 5280 for reason details):\n"
++" ipa cert-revoke --revocation-reason=6 1032\n"
++"\n"
++" Remove a certificate from revocation hold status:\n"
++" ipa cert-remove-hold 1032\n"
++"\n"
++" Check the status of a signing request:\n"
++" ipa cert-status 10\n"
++"\n"
++" Search for certificates by hostname:\n"
++" ipa cert-find --subject=ipaserver.example.com\n"
++"\n"
++" Search for revoked certificates by reason:\n"
++" ipa cert-find --revocation-reason=5\n"
++"\n"
++" Search for certificates based on issuance date\n"
++" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n"
++"\n"
++"IPA currently immediately issues (or declines) all certificate requests so\n"
++"the status of a request is not normally useful. This is for future use\n"
++"or the case where a CA does not immediately issue a certificate.\n"
++"\n"
++"The following revocation reasons are supported:\n"
++"\n"
++" * 0 - unspecified\n"
++" * 1 - keyCompromise\n"
++" * 2 - cACompromise\n"
++" * 3 - affiliationChanged\n"
++" * 4 - superseded\n"
++" * 5 - cessationOfOperation\n"
++" * 6 - certificateHold\n"
++" * 8 - removeFromCRL\n"
++" * 9 - privilegeWithdrawn\n"
++" * 10 - aACompromise\n"
++"\n"
++"Note that reason code 7 is not used. See RFC 5280 for more details:\n"
++"\n"
++"http://www.ietf.org/rfc/rfc5280.txt\n"
++"\n"
++msgstr ""
++"\n"
++"Opérations de certification IPA\n"
++"\n"
++"Sont implémentées un ensemble de commandes pour gérer les certificats SSL du "
++"serveur.\n"
++"\n"
++"Les demandes de certification existent sous la forme de « Certificate "
++"Signing Request (CSR) »\n"
++"au format PEM.\n"
++"\n"
++"La plaque d'identité CA n'utilise que la valeur CN du CSR et force le reste "
++"du sujet aux\n"
++"valeurs configurées dans le serveur.\n"
++"\n"
++"Un certificat est enregistré avec un principal de service et un principal de "
++"service\n"
++"a besoin d'un hôte.\n"
++"\n"
++"Donc, pour demander un certificat :\n"
++"\n"
++"* l'hôte doit exister\n"
++"* le service doit exister (ou bien utilisez l'option --add pour l'ajouter "
++"automatiquement)\n"
++"\n"
++"RECHERCHE :\n"
++"\n"
++"Les certificats peuvent être recherchés par sujet, numéro de série,\n"
++"motif de révocation, dates de validité et date d'émission.\n"
++"\n"
++"En recherchant par dates, _from effectue une recherche >= à la date et _to\n"
++"une recherche <= à la date. Si elles sont combinées, elles sont équivalentes "
++"à un AND.\n"
++"\n"
++"Les dates sont traitées comme étant GMT pour correspondre aux dates des "
++"certificats.\n"
++"\n"
++"La date est au format YYYY-mm-dd.\n"
++"\n"
++"EXEMPLES :\n"
++"\n"
++" Demander un nouveau certificat et ajouter le principal :\n"
++" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
++"\n"
++" Retrouver un certificat existant :\n"
++" ipa cert-show 1032\n"
++"\n"
++" Révoquer un certificat (voir RFC 5280 pour le détail des raisons) :\n"
++" ipa cert-revoke --revocation-reason=6 1032\n"
++"\n"
++" Lever l'état de maintien de révocation d'un certificat :\n"
++" ipa cert-remove-hold 1032\n"
++"\n"
++" Vérifier l'état d'une demande de signature :\n"
++" ipa cert-status 10\n"
++"\n"
++" Rechercher des certificats par nom d'hôte :\n"
++" ipa cert-find --subject=ipaserver.example.com\n"
++"\n"
++" Rechercher les certificats révoqués par motif :\n"
++" ipa cert-find --revocation-reason=5\n"
++"\n"
++" Rechercher les certificats selon la date d'émission :\n"
++" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n"
++"\n"
++"Actuellement IPA émet (ou décline) immédiatement toute demande de "
++"certificat ;\n"
++"l'état de la requête n'est donc normalement pas utile. La demande est en "
++"prévision d'une\n"
++"utilisation future ou au cas où un CA n'émet pas immédiatement un "
++"certificat.\n"
++"\n"
++"Les motifs de révocation suivants sont pris en charge :\n"
++"\n"
++" * 0 - unspecified\n"
++" * 1 - keyCompromise\n"
++" * 2 - cACompromise\n"
++" * 3 - affiliationChanged\n"
++" * 4 - superseded\n"
++" * 5 - cessationOfOperation\n"
++" * 6 - certificateHold\n"
++" * 8 - removeFromCRL\n"
++" * 9 - privilegeWithdrawn\n"
++" * 10 - aACompromise\n"
++"\n"
++"Notez que le motif de code 7 n'est pas utilisé. Voir RFC 5280 pour plus de "
++"détails :\n"
++"\n"
++"http://www.ietf.org/rfc/rfc5280.txt\n"
++"\n"
++
+ msgid "Failure decoding Certificate Signing Request:"
+ msgstr "Échec dans le décodage du Certificate Signing Request :"
+
+@@ -3565,6 +3740,195 @@ msgstr "Modifier la configuration DNS globale."
+ msgid "Show the current global DNS configuration."
+ msgstr "Afficher la configuration DNS globale."
+
++msgid ""
++"\n"
++"Groups of users\n"
++"\n"
++"Manage groups of users. By default, new groups are POSIX groups. You\n"
++"can add the --nonposix option to the group-add command to mark a new group\n"
++"as non-POSIX. You can use the --posix argument with the group-mod command\n"
++"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n"
++"converted to non-POSIX groups.\n"
++"\n"
++"Every group must have a description.\n"
++"\n"
++"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
++"supported but can have an impact on your file permissions. It is not "
++"necessary\n"
++"to supply a GID when creating a group. IPA will generate one automatically\n"
++"if it is not provided.\n"
++"\n"
++"EXAMPLES:\n"
++"\n"
++" Add a new group:\n"
++" ipa group-add --desc='local administrators' localadmins\n"
++"\n"
++" Add a new non-POSIX group:\n"
++" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
++"\n"
++" Convert a non-POSIX group to posix:\n"
++" ipa group-mod --posix remoteadmins\n"
++"\n"
++" Add a new POSIX group with a specific Group ID number:\n"
++" ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
++"\n"
++" Add a new POSIX group and let IPA assign a Group ID number:\n"
++" ipa group-add --desc='printer admins' printeradmins\n"
++"\n"
++" Remove a group:\n"
++" ipa group-del unixadmins\n"
++"\n"
++" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
++" ipa group-add-member --groups=remoteadmins localadmins\n"
++"\n"
++" Add multiple users to the \"localadmins\" group:\n"
++" ipa group-add-member --users=test1 --users=test2 localadmins\n"
++"\n"
++" Remove a user from the \"localadmins\" group:\n"
++" ipa group-remove-member --users=test2 localadmins\n"
++"\n"
++" Display information about a named group.\n"
++" ipa group-show localadmins\n"
++"\n"
++"External group membership is designed to allow users from trusted domains\n"
++"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
++"External members should be added to groups that specifically created as\n"
++"external and non-POSIX. Such group later should be included into one of "
++"POSIX\n"
++"groups.\n"
++"\n"
++"An external group member is currently a Security Identifier (SID) as defined "
++"by\n"
++"the trusted domain. When adding external group members, it is possible to\n"
++"specify them in either SID, or DOM\\name, or name at domain format. IPA will "
++"attempt\n"
++"to resolve passed name to SID with the use of Global Catalog of the trusted "
++"domain.\n"
++"\n"
++"Example:\n"
++"\n"
++"1. Create group for the trusted domain admins' mapping and their local POSIX "
++"group:\n"
++"\n"
++" ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
++"--external\n"
++" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
++"\n"
++"2. Add security identifier of Domain Admins of the <ad.domain> to the "
++"ad_admins_external\n"
++" group:\n"
++"\n"
++" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
++"\n"
++"3. Allow members of ad_admins_external group to be associated with ad_admins "
++"POSIX group:\n"
++"\n"
++" ipa group-add-member ad_admins --groups ad_admins_external\n"
++"\n"
++"4. List members of external members of ad_admins_external group to see their "
++"SIDs:\n"
++"\n"
++" ipa group-show ad_admins_external\n"
++msgstr ""
++"\n"
++"Groupes d'utilisateurs\n"
++"\n"
++"Gérer des groupes d'utilisateurs. Par défaut, les nouveaux groupes sont des "
++"groupes POSIX.\n"
++"Vous pouvez ajouter l'option --nonposix à la commande group-add pour marquer "
++"un nouveau groupe\n"
++"comme non-POSIX. Vous pouvez utiliser --posix argument avec la commande "
++"group-mod\n"
++"pour convertir un groupe non-POSIX en groupe POSIX. Des groupes POSIX ne "
++"peuvent pas être\n"
++"convertis en groupes non-POSIX.\n"
++"\n"
++"Chaque groupe doit avoir une description.\n"
++"\n"
++"Les groupes POSIX doivent avoir un numéro d'ID de groupe (GID). Modifier un "
++"GID est\n"
++"accepté mais peut avoir un impact sur vos droits d'accès aux fichiers. Il "
++"n'est pas nécessaire\n"
++"de fournir un GID à la création d'un groupe. IPA en générera un "
++"automatiquement\n"
++"s'il n'est pas indiqué.\n"
++"\n"
++"EXEMPLES :\n"
++"\n"
++" Ajouter un nouveau groupe :\n"
++" ipa group-add --desc='local administrators' localadmins\n"
++"\n"
++" Ajouter un nouveau groupe non-POSIX :\n"
++" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
++"\n"
++" Convertir un groupe non-POSIX en groupe POSIX :\n"
++" ipa group-mod --posix remoteadmins\n"
++"\n"
++" Ajouter un nouveau groupe POSIX avec un numéro d'ID de groupe donné :\n"
++" ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
++"\n"
++" Ajouter un nouveau groupe POSIX et laisser IPA assigner un numéro d'ID de "
++"groupe :\n"
++" ipa group-add --desc='printer admins' printeradmins\n"
++"\n"
++" Supprimer un groupe :\n"
++" ipa group-del unixadmins\n"
++"\n"
++" Ajouter le groupe « remoteadmins » au groupe « localadmins » :\n"
++" ipa group-add-member --groups=remoteadmins localadmins\n"
++"\n"
++" Ajouter plusieurs utilisateurs au groupe « localadmins » :\n"
++" ipa group-add-member --users=test1 --users=test2 localadmins\n"
++"\n"
++" Supprimer un utilisateur du groupe « localadmins » :\n"
++" ipa group-remove-member --users=test2 localadmins\n"
++"\n"
++" Afficher des informations à propos d'un groupe donné :\n"
++" ipa group-show localadmins\n"
++"\n"
++"L'appartenance d'un groupe externe est conçue pour permettre aux utilisateur "
++"de domaines de confiance\n"
++"d'être assimilés aux groupes POSIX locaux en vue d'utiliser réellement les "
++"ressources IPA.\n"
++"Des membres externes peuvent être ajoutés aux groupes spécifiquement crées "
++"comme\n"
++"externes et non-POSIX. Un tel groupe peut plus tard être incorporé dans un "
++"des groupes\n"
++"POSIX\n"
++"\n"
++"Un membre de groupe externe est actuellement identifié par un « Security "
++"Identifier (SID) » tel que défini pour\n"
++"le domaine de confiance. En ajoutant des membres de groupe externe, il est "
++"possible de les\n"
++"définir au format, soit SID, soit DOM\\name, soit name at domain. IPA essayera\n"
++"de résoudre le nom passé en SID en se servant du « Global Catalog » des "
++"domaines de confiance.\n"
++"\n"
++"Exemple:\n"
++"\n"
++"1. Créer un groupe par assimilation au domaine de confiance « admins » et à "
++"leur groupe POSIX local :\n"
++"\n"
++" ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
++"--external\n"
++" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
++"\n"
++"2. Ajouter l'identifiant de sécurité <ad.domain> de « Domain Admins » au "
++"groupe\n"
++" externe ad_admins_external :\n"
++"\n"
++" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
++"\n"
++"3. Autoriser des membres du groupe ad_admins_external à être associés au "
++"groupe POSIX ad_admins :\n"
++"\n"
++" ipa group-add-member ad_admins --groups ad_admins_external\n"
++"\n"
++"4. Lister les membres externes du groupe ad_admins_external pour voir leur "
++"SID :\n"
++"\n"
++" ipa group-show ad_admins_external\n"
++
+ msgid "group"
+ msgstr "groupe"
+
+@@ -4161,6 +4525,414 @@ msgstr "Ajouter des membres à un groupe de services HBAC."
+ msgid "Remove members from an HBAC service group."
+ msgstr "Supprimer des membres d'un groupe de services HBAC."
+
++msgid ""
++"\n"
++"Simulate use of Host-based access controls\n"
++"\n"
++"HBAC rules control who can access what services on what hosts.\n"
++"You can use HBAC to control which users or groups can access a service,\n"
++"or group of services, on a target host.\n"
++"\n"
++"Since applying HBAC rules implies use of a production environment,\n"
++"this plugin aims to provide simulation of HBAC rules evaluation without\n"
++"having access to the production environment.\n"
++"\n"
++" Test user coming to a service on a named host against\n"
++" existing enabled rules.\n"
++"\n"
++" ipa hbactest --user= --host= --service=\n"
++" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
++" [--sizelimit= ]\n"
++"\n"
++" --user, --host, and --service are mandatory, others are optional.\n"
++"\n"
++" If --rules is specified simulate enabling of the specified rules and test\n"
++" the login of the user using only these rules.\n"
++"\n"
++" If --enabled is specified, all enabled HBAC rules will be added to "
++"simulation\n"
++"\n"
++" If --disabled is specified, all disabled HBAC rules will be added to "
++"simulation\n"
++"\n"
++" If --nodetail is specified, do not return information about rules matched/"
++"not matched.\n"
++"\n"
++" If both --rules and --enabled are specified, apply simulation to --rules "
++"_and_\n"
++" all IPA enabled rules.\n"
++"\n"
++" If no --rules specified, simulation is run against all IPA enabled rules.\n"
++" By default there is a IPA-wide limit to number of entries fetched, you can "
++"change it\n"
++" with --sizelimit option.\n"
++"\n"
++"EXAMPLES:\n"
++"\n"
++" 1. Use all enabled HBAC rules in IPA database to simulate:\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Not matched rules: my-second-rule\n"
++" Not matched rules: my-third-rule\n"
++" Not matched rules: myrule\n"
++" Matched rules: allow_all\n"
++"\n"
++" 2. Disable detailed summary of how rules were applied:\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++"\n"
++" 3. Test explicitly specified HBAC rules:\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
++" --rules=myrule --rules=my-second-rule\n"
++" ---------------------\n"
++" Access granted: False\n"
++" ---------------------\n"
++" Not matched rules: my-second-rule\n"
++" Not matched rules: myrule\n"
++"\n"
++" 4. Use all enabled HBAC rules in IPA database + explicitly specified "
++"rules:\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
++" --rules=myrule --rules=my-second-rule --enabled\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Not matched rules: my-second-rule\n"
++" Not matched rules: my-third-rule\n"
++" Not matched rules: myrule\n"
++" Matched rules: allow_all\n"
++"\n"
++" 5. Test all disabled HBAC rules in IPA database:\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
++" ---------------------\n"
++" Access granted: False\n"
++" ---------------------\n"
++" Not matched rules: new-rule\n"
++"\n"
++" 6. Test all disabled HBAC rules in IPA database + explicitly specified "
++"rules:\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
++" --rules=myrule --rules=my-second-rule --disabled\n"
++" ---------------------\n"
++" Access granted: False\n"
++" ---------------------\n"
++" Not matched rules: my-second-rule\n"
++" Not matched rules: my-third-rule\n"
++" Not matched rules: myrule\n"
++"\n"
++" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
++" --enabled --disabled\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Not matched rules: my-second-rule\n"
++" Not matched rules: my-third-rule\n"
++" Not matched rules: myrule\n"
++" Not matched rules: new-rule\n"
++" Matched rules: allow_all\n"
++"\n"
++"\n"
++"HBACTEST AND TRUSTED DOMAINS\n"
++"\n"
++"When an external trusted domain is configured in IPA, HBAC rules are also "
++"applied\n"
++"on users accessing IPA resources from the trusted domain. Trusted domain "
++"users and\n"
++"groups (and their SIDs) can be then assigned to external groups which can "
++"be\n"
++"members of POSIX groups in IPA which can be used in HBAC rules and thus "
++"allowing\n"
++"access to resources protected by the HBAC system.\n"
++"\n"
++"hbactest plugin is capable of testing access for both local IPA users and "
++"users\n"
++"from the trusted domains, either by a fully qualified user name or by user "
++"SID.\n"
++"Such user names need to have a trusted domain specified as a short name\n"
++"(DOMAIN\\Administrator) or with a user principal name (UPN), "
++"Administrator at ad.test.\n"
++"\n"
++"Please note that hbactest executed with a trusted domain user as --user "
++"parameter\n"
++"can be only run by members of \"trust admins\" group.\n"
++"\n"
++"EXAMPLES:\n"
++"\n"
++" 1. Test if a user from a trusted domain specified by its shortname "
++"matches any\n"
++" rule:\n"
++"\n"
++" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
++"service sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Matched rules: can_login\n"
++"\n"
++" 2. Test if a user from a trusted domain specified by its domain name "
++"matches\n"
++" any rule:\n"
++"\n"
++" $ ipa hbactest --user 'Administrator at domain.com' --host `hostname` --"
++"service sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Matched rules: can_login\n"
++"\n"
++" 3. Test if a user from a trusted domain specified by its SID matches any "
++"rule:\n"
++"\n"
++" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n"
++" --host `hostname` --service sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Matched rules: can_login\n"
++"\n"
++" 4. Test if other user from a trusted domain specified by its SID matches "
++"any rule:\n"
++"\n"
++" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n"
++" --host `hostname` --service sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Not matched rules: can_login\n"
++"\n"
++" 5. Test if other user from a trusted domain specified by its shortname "
++"matches\n"
++" any rule:\n"
++"\n"
++" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
++"sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Not matched rules: can_login\n"
++msgstr ""
++"\n"
++"Simuler l'utilisation des contrôles d'accès fondés sur l'hôte\n"
++"\n"
++"Les règles HBAC contrôlent qui peut accéder à quel service sur quels hôtes.\n"
++"Vous pouvez utiliser HBAC pour contrôler quels utilisateurs ou quels "
++"groupes\n"
++"peuvent accéder à un service ou à un groupe de services, sur un hôte cible.\n"
++"\n"
++"Comme l'application des règles HBAC suppose l'utilisation d'un environnement "
++"de\n"
++"production, ce greffon vise à fournir une simulation de l'évaluation des "
++"règles\n"
++"HBAC sans nécessiter l'accès à l'environnement de production.\n"
++"\n"
++" Testez les règles existantes activées au regard de l'arrivée d'un "
++"utilisateur\n"
++" sur un service sur un hôte donné.\n"
++"\n"
++"ipa hbactest --user= --host= --service=⏎\n"
++" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]⏎\n"
++" [--sizelimit= ]\n"
++"\n"
++" --user, --host et --service sont obligatoires, les autres sont "
++"optionnelles.\n"
++"\n"
++" Si --rules est défini, l'activation des règles indiquées est simulée et\n"
++" l'identifiant de l'utilisateur est testé uniquement sur ces règles.\n"
++"\n"
++" Si --enabled est défini, toutes les règles HBAC activées sont ajoutées à "
++"la\n"
++" simulation\n"
++"\n"
++" Si --disabled est défini, toutes les règles HBAC désactivées sont ajoutées\n"
++" à la simulation\n"
++"\n"
++" Si --nodetail est défini, il n'est pas renvoyé d'information sur les règles "
++"en correspondance ou pas.\n"
++"\n"
++" Si --rules et --enabled sont définis tous deux, la simulation sera "
++"appliquée à\n"
++" --rules _et_ à tous les règles IPA activées.\n"
++"\n"
++" Si --rules n'est pas défini, la simulation est lancée avec toutes les "
++"règles\n"
++" IPA activées. Par défaut, il existe une limite globale à IPA sur le nombre\n"
++" d'entrées renvoyées, vous pouvez la modifier avec l'option --sizelimit.\n"
++"\n"
++" Si --srchost est spécifié, elle sera ignorée. Elle est conservée pour des\n"
++" raisons de compatibilité uniquement.\n"
++"\n"
++"EXEMPLES :\n"
++"\n"
++" 1. Utiliser toutes les règles HBAC activées dans IPA pour la "
++"simulation :\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" notmatched: my-second-rule\n"
++" notmatched: my-third-rule\n"
++" notmatched: myrule\n"
++" matched: allow_all\n"
++"\n"
++" 2. Désactiver le résumé détaillé de la façon dont les règles sont "
++"appliquées :\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++"\n"
++" 3. Tester explicitement les règles HBAC spécifiées :\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd \n"
++"--rules=my-second-rule,myrule\n"
++" ---------------------\n"
++" Access granted: False\n"
++" ---------------------\n"
++" notmatched: my-second-rule\n"
++" notmatched: myrule\n"
++"\n"
++" 4. Utiliser toutes les règles HBAC activées de la base de données IPA + "
++"les règles explicitement définies :\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd \n"
++"--rules=my-second-rule,myrule --enabled\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" notmatched: my-second-rule\n"
++" notmatched: my-third-rule\n"
++" notmatched: myrule\n"
++" matched: allow_all\n"
++"\n"
++" 5. Tester toutes les règles HBAC désactivées de la base de données "
++"IPA :\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
++" ---------------------\n"
++" Access granted: False\n"
++" ---------------------\n"
++" notmatched: new-rule\n"
++"\n"
++" 6. Tester toutes les règles HBAC désactivées de la base de données IPA + "
++"les règles explicitement définies :\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd \n"
++"--rules=my-second-rule,myrule --disabled\n"
++" ---------------------\n"
++" Access granted: False\n"
++" ---------------------\n"
++" notmatched: my-second-rule\n"
++" notmatched: my-third-rule\n"
++" notmatched: myrule\n"
++"\n"
++" 7. Tester toutes les règles HBAC (activées et desactivées) de la base de "
++"données IPA :\n"
++" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
++" --enabled --disabled\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" notmatched: my-second-rule\n"
++" notmatched: my-third-rule\n"
++" notmatched: myrule\n"
++" notmatched: new-rule\n"
++" matched: allow_all\n"
++"\n"
++"\n"
++"TEST HBAC ET DOMAINES DE CONFIANCE\n"
++"\n"
++"Quand un domaine externe de confiance est configuré dans IPA, les règles "
++"HBAC sont aussi appliquées\n"
++"aux utilisateurs accédant aux ressources IPA à partir du domaine de "
++"confiance. Les utilisateurs des domaines de confiance et\n"
++"les groupes (et leurs SID) peuvent être assignés à des groupes externes "
++"pouvant être\n"
++"membres de groupes POSIX dans IPA intégrables dans les règles HBAC, ce qui "
++"autorise\n"
++"un accès aux ressources protégées par le système HBAC.\n"
++"\n"
++"Un greffon hbactest est capable de tester des accès à la fois des "
++"utilisateurs IPA locaux et des utilisateurs\n"
++"de domaines de confiance avec, soit le nom d'utilisateur pleinement "
++"qualifié, soit le SID utilisateur.\n"
++"De tels noms d'utilisateur doivent avoir un domaine de confiance précisé en "
++"nom court\n"
++"(DOMAINE/Administrateur) ou avec un nom de principal (UPN), "
++"Administrator at ad.test.\n"
++"\n"
++"Veuillez noter que hbactest exécuté avec un utilisateur de domaine de "
++"confiance en tant que paramètre --user\n"
++"ne peut être lancé que des membres du groupe des « administrateurs de "
++"confiance ».\n"
++"\n"
++"EXEMPLES :\n"
++"\n"
++" 1. Tester si un utilisateur d'un domaine de confiance défini par son nom "
++"court\n"
++" s'accorde à toute règle :\n"
++"\n"
++" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
++"service sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Matched rules: can_login\n"
++"\n"
++" 2. Tester si un utilisateur d'un domaine de confiance défini par son nom "
++"de domaine\n"
++" s'accorde à toute règle :\n"
++"\n"
++" $ ipa hbactest --user 'Administrator at domain.com' --host `hostname` --"
++"service sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Matched rules: can_login\n"
++"\n"
++" 3. Tester si un utilisateur d'un domaine de confiance défini par son "
++"SID\n"
++" s'accorde à toute règle :\n"
++"\n"
++" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n"
++" --host `hostname` --service sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Matched rules: can_login\n"
++"\n"
++" 4. Tester si un autre utilisateur d'un domaine de confiance défini par "
++"son SID\n"
++" s'accorde à toute règle :\n"
++"\n"
++" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n"
++" --host `hostname` --service sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Not matched rules: can_login\n"
++"\n"
++" 5. Tester si un autre utilisateur d'un domaine de confiance défini par "
++"son nom court\n"
++" s'accorde à toute règle :\n"
++"\n"
++" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
++"sshd\n"
++" --------------------\n"
++" Access granted: True\n"
++" --------------------\n"
++" Matched rules: allow_all\n"
++" Not matched rules: can_login\n"
++
+ msgid "Simulate use of Host-based access controls"
+ msgstr "Simulation de règles de contrôle d'accès basé sur les systèmes"
+
+@@ -4627,6 +5399,312 @@ msgstr "Ajouter des membres à un groupe de systèmes."
+ msgid "Remove members from a hostgroup."
+ msgstr "Supprimer des membres d'un groupe de systèmes."
+
++msgid ""
++"\n"
++"ID ranges\n"
++"\n"
++"Manage ID ranges used to map Posix IDs to SIDs and back.\n"
++"\n"
++"There are two type of ID ranges which are both handled by this utility:\n"
++"\n"
++" - the ID ranges of the local domain\n"
++" - the ID ranges of trusted remote domains\n"
++"\n"
++"Both types have the following attributes in common:\n"
++"\n"
++" - base-id: the first ID of the Posix ID range\n"
++" - range-size: the size of the range\n"
++"\n"
++"With those two attributes a range object can reserve the Posix IDs starting\n"
++"with base-id up to but not including base-id+range-size exclusively.\n"
++"\n"
++"Additionally an ID range of the local domain may set\n"
++" - rid-base: the first RID(*) of the corresponding RID range\n"
++" - secondary-rid-base: first RID of the secondary RID range\n"
++"\n"
++"and an ID range of a trusted domain must set\n"
++" - rid-base: the first RID of the corresponding RID range\n"
++" - sid: domain SID of the trusted domain\n"
++"\n"
++"\n"
++"\n"
++"EXAMPLE: Add a new ID range for a trusted domain\n"
++"\n"
++"Since there might be more than one trusted domain the domain SID must be "
++"given\n"
++"while creating the ID range.\n"
++"\n"
++" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n"
++" --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
++"\n"
++"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
++"assign Posix UIDs to users from the trusted domain.\n"
++"\n"
++"If e.g a range for a trusted domain is configured with the following "
++"values:\n"
++" base-id = 1200000\n"
++" range-size = 200000\n"
++" rid-base = 0\n"
++"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
++"So\n"
++"RID 1000 <-> Posix ID 1201000\n"
++"\n"
++"\n"
++"\n"
++"EXAMPLE: Add a new ID range for the local domain\n"
++"\n"
++"To create an ID range for the local domain it is not necessary to specify a\n"
++"domain SID. But since it is possible that a user and a group can have the "
++"same\n"
++"value as Posix ID a second RID interval is needed to handle conflicts.\n"
++"\n"
++" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n"
++" --secondary-rid-base=1000000 local_range\n"
++"\n"
++"The data from the ID ranges of the local domain are used by the IPA server\n"
++"internally to assign SIDs to IPA users and groups. The SID will then be "
++"stored\n"
++"in the user or group objects.\n"
++"\n"
++"If e.g. the ID range for the local domain is configured with the values "
++"from\n"
++"the example above then a new user with the UID 1200007 will get the RID "
++"1007.\n"
++"If this RID is already used by a group the RID will be 1000007. This can "
++"only\n"
++"happen if a user or a group object was created with a fixed ID because the\n"
++"automatic assignment will not assign the same ID twice. Since there are "
++"only\n"
++"users and groups sharing the same ID namespace it is sufficient to have "
++"only\n"
++"one fallback range to handle conflicts.\n"
++"\n"
++"To find the Posix ID for a given RID from the local domain it has to be\n"
++"checked first if the RID falls in the primary or secondary RID range and\n"
++"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
++"and the base-id has to be added to get the Posix ID.\n"
++"\n"
++"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
++"must not be used at all. The ID range for the local domain will be created\n"
++"during installation or upgrade from an older version. The ID range for a\n"
++"trusted domain will be created together with the trust by 'ipa trust-"
++"add ...'.\n"
++"\n"
++"USE CASES:\n"
++"\n"
++" Add an ID range from a transitively trusted domain\n"
++"\n"
++" If the trusted domain (A) trusts another domain (B) as well and this "
++"trust\n"
++" is transitive 'ipa trust-add domain-A' will only create a range for\n"
++" domain A. The ID range for domain B must be added manually.\n"
++"\n"
++" Add an additional ID range for the local domain\n"
++"\n"
++" If the ID range of the local domain is exhausted, i.e. no new IDs can "
++"be\n"
++" assigned to Posix users or groups by the DNA plugin, a new range has to "
++"be\n"
++" created to allow new users and groups to be added. (Currently there is "
++"no\n"
++" connection between this range CLI and the DNA plugin, but a future "
++"version\n"
++" might be able to modify the configuration of the DNS plugin as well)\n"
++"\n"
++"In general it is not necessary to modify or delete ID ranges. If there is "
++"no\n"
++"other way to achieve a certain configuration than to modify or delete an ID\n"
++"range it should be done with great care. Because UIDs are stored in the "
++"file\n"
++"system and are used for access control it might be possible that users are\n"
++"allowed to access files of other users if an ID range got deleted and "
++"reused\n"
++"for a different domain.\n"
++"\n"
++"(*) The RID is typically the last integer of a user or group SID which "
++"follows\n"
++"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
++"from\n"
++"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of "
++"the\n"
++"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
++"groups.\n"
++"\n"
++"WARNING:\n"
++"\n"
++"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
++"the\n"
++"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
++"based\n"
++"on the local ranges set via this family of commands.\n"
++"\n"
++"Manual configuration change has to be done in the DNA plugin configuration "
++"for\n"
++"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
++"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
++"be\n"
++"modified to match the new range.\n"
++msgstr ""
++"\n"
++"Plages d'identifiants\n"
++"\n"
++"Gérer les plages d'ID faisant correspondre les ID Posix avec les SID et "
++"inversement.\n"
++"\n"
++"Il y a deux types de plages d'ID gérées par cet utilitaire :\n"
++"\n"
++" - les plages d'ID du domaine local\n"
++" - les plages d'ID des domaines de confiance distants\n"
++"\n"
++"Les deux types ont les attributs suivants en commun :\n"
++"\n"
++" - base-id: le premier ID de la plage des ID Posix\n"
++" - range-size: la taille de la plage\n"
++"\n"
++"Avec ces deux attributs un objet plage peut réserver le point de départ des "
++"ID Posix\n"
++"avec base-id jusqu'à base-id+range-size non inclus exclusivement.\n"
++"\n"
++"En plus une plage d'ID du domaine local peut déterminer\n"
++" - rid-base : le premier RID(*) de la plage de RID correspondante\n"
++" - secondary-rid-base : le premier RID de la plage RID secondaire\n"
++"\n"
++"et une plage d'ID d'un domaine de confiance peut déterminer\n"
++" - rid-base : le premier RID de la plage de RID correspondante\n"
++" - sid : le domaine SID du domaine de confiance\n"
++"\n"
++"\n"
++"\n"
++"EXEMPLE : Ajouter une nouvelle plage d'ID pour un domaine de confiance\n"
++"\n"
++"Étant donné qu'il peut y avoir plus d'un domaine de confiance, le SID du "
++"domaine\n"
++"doit être donné lors de la création de la plage.\n"
++"\n"
++" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n"
++" --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
++"\n"
++"Cette plage d'ID est ensuite utilisée par le serveur IPA et le fournisseur "
++"SSSD IPA pour\n"
++"assigner des UID Posix aux utilisateurs du domaine de confiance.\n"
++"\n"
++"Si par ex. une plage pour un domaine de confiance est configurée avec les "
++"valeurs suivantes :\n"
++" base-id = 1200000\n"
++" range-size = 200000\n"
++" rid-base = 0\n"
++"les RID de 0 à 199999 sont associés aux ID Posix de 1200000 à 13999999. "
++"Donc\n"
++"RID 1000 <-> Posix ID 1201000\n"
++"\n"
++"\n"
++"\n"
++"EXEMPLE: Ajouter une nouvelle plage d'ID pour le domaine local\n"
++"\n"
++"Pour créer une plage d'ID pour le domaine local il n'est pas nécessaire de "
++"définir un\n"
++"SID de domaine. Mais comme il est possible qu'un utilisateur et un groupe "
++"aient une même \n"
++"valeur comme ID Posix un second intervalle RID est nécessaire pour éviter "
++"les conflits.\n"
++"\n"
++" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n"
++" --secondary-rid-base=1000000 local_range\n"
++"\n"
++"Les données des plages d'ID du domaine local sont utilisées en interne par "
++"le serveur IPA\n"
++"pour assigner des SID aux utilisateurs et aux groupes IPA. Le SID sera alors "
++"enregistré\n"
++"dans les objets utilisateur ou groupe.\n"
++"\n"
++"Si par ex. la plage d'ID du domaine local est configurée pour les valeurs "
++"de\n"
++"l'exemple ci-dessus alors un nouvel utilisateur avec l'UID 1200007 aura le "
++"RID 1007.\n"
++"Si ce RID est déjà utilié par un groupe le RID sera 1000007. Ceci ne peut "
++"arriver\n"
++"que si un objet utilisateur ou groupe a été créé avec un ID donné parce que\n"
++"l'assignation automatique n'assigne pas le même ID deux fois. Étant donné "
++"qu'il n'y a que\n"
++"les utilisateurs et les groupes partageant le même ID de nom d'espace, il "
++"suffit d'avoir\n"
++"une seule plage de recours pour gérer les conflits.\n"
++"\n"
++"Pour trouver l'ID Posix pour un RID donné dans le domaine local il faut "
++"d'abord\n"
++"vérifier si le RID tombe dans la première ou la deuxième plage de RID ;\n"
++"le rid-base ou le secondary-rid-base seront respectivement à soustraire,\n"
++"et le base-id à ajouter pour obtenir l'ID Posix.\n"
++"\n"
++"Généralement la création des plages d'ID s'effectue en arrière-plan et ce "
++"CLI\n"
++"n'a pas besoin d'être du tout utilisé. Les plages d'ID pour le domaine local "
++"seront créées\n"
++"à l'installation ou au cours de la mise à jour d'une version précédente. La "
++"plage d'ID pour un\n"
++"domaine de confiance sera créé en même temps que la confiance par 'ipa trust-"
++"add ...'.\n"
++"\n"
++"CAS PRATIQUES :\n"
++"\n"
++" Ajouter une plage d'ID pour un domaine de confiance par transition\n"
++"\n"
++" Si le domaine de confiance (A) fait confiance à un domaine (B) et que "
++"cette confiance\n"
++" est transitive 'ipa trust-add domain-A' ne créera de plage que pour le "
++"domaine A.\n"
++" La plage d'ID pour le domaine B doit être ajoutée manuellement.\n"
++"\n"
++" Ajouter une plage d'ID supplémentaire pour le domaine local\n"
++"\n"
++" Si la plage d'ID du domaine local est épuisée, i.e. qu'aucun nouvel ID "
++"ne peut être\n"
++" assigné aux utilisateurs ou groupes Posix par le greffon DNA, il faut "
++"créer une nouvelle\n"
++" plage pour permettre l'ajout de nouveaux utilisateurs ou groupes "
++"(actuellement il n'y a\n"
++" pas de connexion entre cette plage CLI et le greffon DNA, mais une "
++"future version\n"
++" sera capable de modifier de même la configuration du greffon DNS).\n"
++"\n"
++"En règle générale il n'est pas nécessaire de modifier ou supprimer les "
++"plages d'ID. S'il\n"
++"n'y a pas d'autre moyen de mener à bien un configuration donnée qu'en "
++"modifiant ou supprimant\n"
++"une plage d'ID cela doit être fait avec grand soin. Comme les UID sont "
++"enregistrés dans le\n"
++"fichier système et sont utilisés pour les contrôles d'accès il se pourrait "
++"que des\n"
++"utilisateurs soit autorisés à avoir accès à des fichiers d'autres "
++"utilisateurs si une plage\n"
++"d'ID a été détruite puis réutilisée pour un domaine différent.\n"
++"\n"
++"(*) Le RID est généralement le dernier entier du SID d'un utilisateur ou "
++"d'un groupe suivant\n"
++"le SID du domaine. Ex. si le SID du domaine est S-1-5-21-123-456-789 et "
++"qu'un utilisateur de\n"
++"ce domaine a le SID S-1-5-21-123-456-789-1010, alors 010 est le RID de "
++"l'utilisateur. Les RID\n"
++"sont uniques dans un domaine, ce sont des valeurs sur 32 bits utilisées pour "
++"les utilisateurs\n"
++"et les groupes.\n"
++"\n"
++"AVERTISSEMENT :\n"
++"\n"
++"Le greffon DNA dans 389-ds alloue des ID selon les plages configurées pour "
++"le\n"
++"domaine local. Actuellement le greffon DNA *ne peut pas* être lui-même "
++"reconfiguré selon\n"
++"les plages locales définies par cette famille de commandes.\n"
++"\n"
++"Une modification manuelle de la configuration du greffon DNA doit être "
++"effectuée pour\n"
++"la nouvelle plage locale. Généralement, l'attribut dnaNextRange de "
++"« cn=Posix\n"
++"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config » doit "
++"être\n"
++"modifié pour correspondre à la nouvelle plage.\n"
++
+ msgid "ID Ranges"
+ msgstr "Plages d'ID"
+
+@@ -4700,6 +5778,84 @@ msgstr ""
+ msgid "SID is not recognized as a valid SID for a trusted domain"
+ msgstr "Le SID n'est pas reconnu comme SID valide pour un domaine approuvé"
+
++msgid ""
++"\n"
++" Add new ID range.\n"
++"\n"
++" To add a new ID range you always have to specify\n"
++"\n"
++" --base-id\n"
++" --range-size\n"
++"\n"
++" Additionally\n"
++"\n"
++" --rid-base\n"
++" --secondary-rid-base\n"
++"\n"
++" may be given for a new ID range for the local domain while\n"
++"\n"
++" --rid-base\n"
++" --dom-sid\n"
++"\n"
++" must be given to add a new range for a trusted AD domain.\n"
++"\n"
++" WARNING:\n"
++"\n"
++" DNA plugin in 389-ds will allocate IDs based on the ranges configured "
++"for the\n"
++" local domain. Currently the DNA plugin *cannot* be reconfigured itself "
++"based\n"
++" on the local ranges set via this family of commands.\n"
++"\n"
++" Manual configuration change has to be done in the DNA plugin "
++"configuration for\n"
++" the new local range. Specifically, The dnaNextRange attribute of "
++"'cn=Posix\n"
++" IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has "
++"to be\n"
++" modified to match the new range.\n"
++" "
++msgstr ""
++"\n"
++"Ajouter une nouvelle plage d'identifiants.\n"
++"\n"
++"Pour ajouter une nouvelle plage d'identifiants vous devez toujours préciser\n"
++"\n"
++"--base-id\n"
++"--range-size\n"
++"\n"
++"En outre\n"
++"\n"
++"--rid-base\n"
++"--secondary-rid-base\n"
++"\n"
++"doivent être indiqués pour une nouvelle plage d'identifiants dans le domaine "
++"local alors que\n"
++"\n"
++"--rid-base\n"
++"--dom-sid\n"
++"\n"
++"doivent l'être pour ajouter une nouvelle plage pour un domaine AD de "
++"confiance.\n"
++"\n"
++"AVERTISSEMENT :\n"
++"\n"
++"Le greffon DNA dans 389-ds allouera des ID suivant les plages configurées au "
++"titre du\n"
++"domaine local. Actuellement le greffon DNA *ne peut pas* être lui-même "
++"reconfiguré selon\n"
++"les plages locales définies par l'intermédiaire de cette famille de "
++"commandes.\n"
++"\n"
++"Un changement manuel de configuration doit être opéré dans la configuration "
++"du greffon DNA pour\n"
++"la nouvelle plage locale. En particulier, l'attribut dnaNextRange de "
++"« cn=Posix\n"
++"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config » doivent "
++"être modifiés\n"
++"pour correspondre à cette nouvelle plage.\n"
++" "
++
+ #, python-format
+ msgid "Added ID range \"%(value)s\""
+ msgstr "Plage d'ID « %(value)s » ajoutée"
+@@ -6098,6 +7254,227 @@ msgstr "Afficher la politique de ticket Kerberos."
+ msgid "Reset Kerberos ticket policy to the default values."
+ msgstr "Réinitialiser la politique de ticket Kerberos."
+
++msgid ""
++"\n"
++"Migration to IPA\n"
++"\n"
++"Migrate users and groups from an LDAP server to IPA.\n"
++"\n"
++"This performs an LDAP query against the remote server searching for\n"
++"users and groups in a container. In order to migrate passwords you need\n"
++"to bind as a user that can read the userPassword attribute on the remote\n"
++"server. This is generally restricted to high-level admins such as\n"
++"cn=Directory Manager in 389-ds (this is the default bind user).\n"
++"\n"
++"The default user container is ou=People.\n"
++"\n"
++"The default group container is ou=Groups.\n"
++"\n"
++"Users and groups that already exist on the IPA server are skipped.\n"
++"\n"
++"Two LDAP schemas define how group members are stored: RFC2307 and\n"
++"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n"
++"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n"
++"\n"
++"The schema compat feature allows IPA to reformat data for systems that\n"
++"do not support RFC2307bis. It is recommended that this feature is disabled\n"
++"during migration to reduce system overhead. It can be re-enabled after\n"
++"migration. To migrate with it enabled use the \"--with-compat\" option.\n"
++"\n"
++"Migrated users do not have Kerberos credentials, they have only their\n"
++"LDAP password. To complete the migration process, users need to go\n"
++"to http://ipa.example.com/ipa/migration and authenticate using their\n"
++"LDAP password in order to generate their Kerberos credentials.\n"
++"\n"
++"Migration is disabled by default. Use the command ipa config-mod to\n"
++"enable it:\n"
++"\n"
++" ipa config-mod --enable-migration=TRUE\n"
++"\n"
++"If a base DN is not provided with --basedn then IPA will use either\n"
++"the value of defaultNamingContext if it is set or the first value\n"
++"in namingContexts set in the root of the remote LDAP server.\n"
++"\n"
++"Users are added as members to the default user group. This can be a\n"
++"time-intensive task so during migration this is done in a batch\n"
++"mode for every 100 users. As a result there will be a window in which\n"
++"users will be added to IPA but will not be members of the default\n"
++"user group.\n"
++"\n"
++"EXAMPLES:\n"
++"\n"
++" The simplest migration, accepting all defaults:\n"
++" ipa migrate-ds ldap://ds.example.com:389\n"
++"\n"
++" Specify the user and group container. This can be used to migrate user\n"
++" and group data from an IPA v1 server:\n"
++" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
++" --group-container='cn=groups,cn=accounts' \\\n"
++" ldap://ds.example.com:389\n"
++"\n"
++" Since IPA v2 server already contain predefined groups that may collide "
++"with\n"
++" groups in migrated (IPA v1) server (for example admins, ipausers), users\n"
++" having colliding group as their primary group may happen to belong to\n"
++" an unknown group on new IPA v2 server.\n"
++" Use --group-overwrite-gid option to overwrite GID of already existing "
++"groups\n"
++" to prevent this issue:\n"
++" ipa migrate-ds --group-overwrite-gid \\\n"
++" --user-container='cn=users,cn=accounts' \\\n"
++" --group-container='cn=groups,cn=accounts' \\\n"
++" ldap://ds.example.com:389\n"
++"\n"
++" Migrated users or groups may have object class and accompanied attributes\n"
++" unknown to the IPA v2 server. These object classes and attributes may be\n"
++" left out of the migration process:\n"
++" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
++" --group-container='cn=groups,cn=accounts' \\\n"
++" --user-ignore-objectclass=radiusprofile \\\n"
++" --user-ignore-attribute=radiusgroupname \\\n"
++" ldap://ds.example.com:389\n"
++"\n"
++"LOGGING\n"
++"\n"
++"Migration will log warnings and errors to the Apache error log. This\n"
++"file should be evaluated post-migration to correct or investigate any\n"
++"issues that were discovered.\n"
++"\n"
++"For every 100 users migrated an info-level message will be displayed to\n"
++"give the current progress and duration to make it possible to track\n"
++"the progress of migration.\n"
++"\n"
++"If the log level is debug, either by setting debug = True in\n"
++"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be "
++"printed\n"
++"for each user added plus a summary when the default user group is\n"
++"updated.\n"
++msgstr ""
++"\n"
++"Migration vers IPA\n"
++"\n"
++"Faire migrer des utilisateurs et des groupes d'un serveur LDAP vers IPA.\n"
++"\n"
++"Ceci réalise une requête LDAP sur le serveur distant pour rechercher\n"
++"utilisateurs et groupes dans un conteneur. Pour faire migrer les mots de "
++"passe, vous devez\n"
++"vous connecter en tant qu'utilisateur capable de lire l'attribut "
++"userPassword sur le serveur\n"
++"distant. La chose est généralement réservée aux administrateurs de haut "
++"niveau comme le\n"
++"cn=Directory Manager dans 389-ds (utilisateur de la connexion par défaut).\n"
++"\n"
++"Par défaut, le conteneur utilisateur est ou=People.\n"
++"\n"
++"Par défaut, le conteneur groupe est ou=Groups.\n"
++"\n"
++"Utilisateurs et groupes préexistants sur le serveur IPA sont laissés de "
++"côté.\n"
++"\n"
++"Deux schémas LDAP définissent comment les membres du groupe sont "
++"enregistrés : RFC2307 et\n"
++"RFC2307bis. RFC2307bis utilise member et uniquemember pour définir les "
++"membres du groupe,\n"
++"RFC2307 utilise memberUid. Le schéma par défaut est RFC2307bis.\n"
++"\n"
++"La fonctionnalité du schéma compat autorise IPA à formater à nouveau les "
++"données pour les\n"
++"systèmes ne prenant pas en charge RFC2307bis. Il est recommandé de "
++"désactiver cette fonction\n"
++"pendant la migration pour éviter des dépassements de capacité. Vous la "
++"réactiverez après\n"
++"migration. Pour faire la migration avec la fonction activée,utilisez "
++"l'option \"--with-compat\".\n"
++"\n"
++"Les utilisateurs émigrés n'ont pas de références Kerberos, ils n'ont que "
++"leur mot de passe\n"
++"LDAP. Pour achever le processus de migration, les utilisateurs doivent aller "
++"à la page\n"
++"http://ipa.example.com/ipa/migration et s'authentifier en utilisant leur mot "
++"de passe\n"
++"LDAP pour générer leur justificatif d'identité Kerberos.\n"
++"\n"
++"Par défaut, la migration est désactivée. Utilisez la commande ipa config-mod "
++"pour\n"
++"l'activer :\n"
++"\n"
++" ipa config-mod --enable-migration=TRUE\n"
++"\n"
++"Si un DN de base n'est pas indiqué avec --basedn, IPA utilise alors, soit\n"
++"la valeur de defaultNamingContext si elle est définie, soit la première "
++"valeur fixée\n"
++"dans namingContexts dans la racine du serveur LDAP distant.\n"
++"\n"
++"Les utilisateurs sont ajoutés comme membres du groupe utilisateur par "
++"défaut. Cela peut être\n"
++"une tâche consommatrice de temps, ainsi pendant la migration cela se fait en "
++"mode batch\n"
++"tous les 100 utilisateurs. Il en résulte une fenêtre dans laquelle les "
++"utilisateurs sont\n"
++"ajoutés à IPA mais sans être des membres du groupe d'utilisateurs par "
++"défaut.\n"
++"\n"
++"\n"
++"EXEMPLES :\n"
++"\n"
++" La migration la plus simple, acceptant tous les paramètres par défaut :\n"
++" ipa migrate-ds ldap://ds.example.com:389\n"
++"\n"
++" En précisant le conteneur utilisateur et groupe. S'utilise pour migrer les "
++"données\n"
++" utilisateur et groupe d'un serveur IPA v1 :\n"
++" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
++" --group-container='cn=groups,cn=accounts' \\\n"
++" ldap://ds.example.com:389\n"
++"\n"
++" Comme un serveur IPA v2 comporte déjà des groupes prédéfinis pouvant entrer "
++"en conflit avec\n"
++" des groupes du serveur IPA v1) migré (par exemple admins, ipausers), des "
++"utilisateurs avec\n"
++" un groupe conflictuel comme groupe principal peuvent se voir rattachés à un "
++"groupe inconnu\n"
++" sur le nouveau serveur IPA v2.\n"
++" Utilisez l'option --group-overwrite-gid pour écraser le GID des groupes "
++"préexistants\n"
++" afin d'éviter ce problème :\n"
++" ipa migrate-ds --group-overwrite-gid \\\n"
++" --user-container='cn=users,cn=accounts' \\\n"
++" --group-container='cn=groups,cn=accounts' \\\n"
++" ldap://ds.example.com:389\n"
++"\n"
++" Des utilisateurs ou des groupes migrés peuvent posséder des classes d'objet "
++"et des attributs\n"
++" accompagnants inconnus du serveur IPA v2. Ces classes d'objets et attributs "
++"doivent être\n"
++" tenus hors du processus de migration :\n"
++" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
++" --group-container='cn=groups,cn=accounts' \\\n"
++" --user-ignore-objectclass=radiusprofile \\\n"
++" --user-ignore-attribute=radiusgroupname \\\n"
++" ldap://ds.example.com:389\n"
++"\n"
++"JOURNALISATION\n"
++"\n"
++"La migration déclenchera des avertissements et des erreurs sur le journal "
++"d'erreurs Apache.\n"
++"Ce fichier devra être examiné après la migration pour corriger ou enquêter "
++"sur tout problème\n"
++"qui apparaîtrait.\n"
++"\n"
++"Tous les 100 utilisateurs migrés un message de niveau info est affiché "
++"indiquant\n"
++"l'avancement en cours et la durée écoulée pour permettre un suivi du "
++"processus\n"
++"de progression de la migration.\n"
++"\n"
++"Si le niveau de journalisation est debug, soit en définissant debug = True "
++"dans\n"
++"/etc/ipa/default.conf ou /etc/ipa/server.conf, alors une entrée sera "
++"affichée\n"
++"pour chaque utilisateur plus un résumé quand le groupe utilisateur par "
++"défaut\n"
++"est mis à jour.\n"
++
+ #, python-format
+ msgid ""
+ "Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually."
+@@ -7133,6 +8510,47 @@ msgstr "Afficher la politique effective sur un utilisateur spécifique"
+ msgid "Search for group password policies."
+ msgstr "Rechercher des politiques de mot de passe de groupe."
+
++msgid ""
++"\n"
++"Realm domains\n"
++"\n"
++"Manage the list of domains associated with IPA realm.\n"
++"\n"
++"EXAMPLES:\n"
++"\n"
++" Display the current list of realm domains:\n"
++" ipa realmdomains-show\n"
++"\n"
++" Replace the list of realm domains:\n"
++" ipa realmdomains-mod --domain=example.com\n"
++" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n"
++"\n"
++" Add a domain to the list of realm domains:\n"
++" ipa realmdomains-mod --add-domain=newdomain.com\n"
++"\n"
++" Delete a domain from the list of realm domains:\n"
++" ipa realmdomains-mod --del-domain=olddomain.com\n"
++msgstr ""
++"\n"
++"Domaines du royaume\n"
++"\n"
++"Gérer la liste des domaines associés au royaume IPA.\n"
++"\n"
++"EXEMPLES:\n"
++"\n"
++" Afficher la liste actuelle des domaines du royaume :\n"
++" ipa realmdomains-show\n"
++"\n"
++" Remplacer la liste des domaines du royaume :\n"
++" ipa realmdomains-mod --domain=example.com\n"
++" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n"
++"\n"
++" Ajouter un domaine à la liste des domaines du royaume :\n"
++" ipa realmdomains-mod --add-domain=newdomain.com\n"
++"\n"
++" Supprimer un domaine de la liste des domaines du royaume :\n"
++" ipa realmdomains-mod --del-domain=olddomain.com\n"
++
+ msgid "Realm domains"
+ msgstr "Domaines"
+
+@@ -7657,6 +9075,139 @@ msgstr ""
+ "Supprimer des systèmes et groupes de systèmes cibles d'une règle de "
+ "correspondance d'utilisateurs SELinux"
+
++msgid ""
++"\n"
++"Services\n"
++"\n"
++"A IPA service represents a service that runs on a host. The IPA service\n"
++"record can store a Kerberos principal, an SSL certificate, or both.\n"
++"\n"
++"An IPA service can be managed directly from a machine, provided that\n"
++"machine has been given the correct permission. This is true even for\n"
++"machines other than the one the service is associated with. For example,\n"
++"requesting an SSL certificate using the host service principal credentials\n"
++"of the host. To manage a service using host credentials you need to\n"
++"kinit as the host:\n"
++"\n"
++" # kinit -kt /etc/krb5.keytab host/ipa.example.com at EXAMPLE.COM\n"
++"\n"
++"Adding an IPA service allows the associated service to request an SSL\n"
++"certificate or keytab, but this is performed as a separate step; they\n"
++"are not produced as a result of adding the service.\n"
++"\n"
++"Only the public aspect of a certificate is stored in a service record;\n"
++"the private key is not stored.\n"
++"\n"
++"EXAMPLES:\n"
++"\n"
++" Add a new IPA service:\n"
++" ipa service-add HTTP/web.example.com\n"
++"\n"
++" Allow a host to manage an IPA service certificate:\n"
++" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
++" ipa role-add-member --hosts=web.example.com certadmin\n"
++"\n"
++" Override a default list of supported PAC types for the service:\n"
++" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
++"\n"
++" A typical use case where overriding the PAC type is needed is NFS.\n"
++" Currently the related code in the Linux kernel can only handle Kerberos\n"
++" tickets up to a maximal size. Since the PAC data can become quite large "
++"it\n"
++" is recommended to set --pac-type=NONE for NFS services.\n"
++"\n"
++" Delete an IPA service:\n"
++" ipa service-del HTTP/web.example.com\n"
++"\n"
++" Find all IPA services associated with a host:\n"
++" ipa service-find web.example.com\n"
++"\n"
++" Find all HTTP services:\n"
++" ipa service-find HTTP\n"
++"\n"
++" Disable the service Kerberos key and SSL certificate:\n"
++" ipa service-disable HTTP/web.example.com\n"
++"\n"
++" Request a certificate for an IPA service:\n"
++" ipa cert-request --principal=HTTP/web.example.com example.csr\n"
++"\n"
++" Generate and retrieve a keytab for an IPA service:\n"
++" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
++"httpd.keytab\n"
++"\n"
++msgstr ""
++"\n"
++"Services\n"
++"\n"
++"Un service IPA est un service qui s'exécute sur un hôte. L'enregistrement du "
++"service IPA\n"
++"peut comporter un principal Kerberos, un certificat SSL ou les deux.\n"
++"\n"
++"Un service IPA peut être directement géré à partir d'une machine, pour "
++"autant que des\n"
++"autorisations d'accès correctes aient été fournies à la machine. Ceci est "
++"vrai même pour\n"
++"les machines autres que celle à laquelle le service est associé. Par "
++"exemple,\n"
++"demander un certificat SSL en utilisant les justificatifs d'identité du "
++"principal du service\n"
++"hôte de l'hôte. Pour gérer un service en utilisant les références de l'hôte, "
++"vous devrez\n"
++"exécuter kinit en tant qu'hôte :\n"
++"\n"
++" # kinit -kt /etc/krb5.keytab host/ipa.example.com at EXAMPLE.COM\n"
++"\n"
++"Ajouter un service IPA permet au service associé de demander un certificat "
++"SSL ou\n"
++"un tableau de clés, mais cela est réalisé dans une étape distincte ; cela "
++"n'est pas\n"
++"le résultat de l'ajout du service.\n"
++"\n"
++"Seule la composante publique du certificat est stockée dans un "
++"enregistrement de service ;\n"
++"la clé privée n'y est pas mise.\n"
++"\n"
++"EXEMPLES:\n"
++"\n"
++" Ajouter un nouveau service IPA :\n"
++" ipa service-add HTTP/web.example.com\n"
++"\n"
++" Autoriser un hôte à gérer un certificat de service IPA :\n"
++" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
++" ipa role-add-member --hosts=web.example.com certadmin\n"
++"\n"
++" Écraser la liste par défaut des types PAC pris en charge par le service :\n"
++" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
++"\n"
++" Un cas classique de l'utilisation de l'écrasement du type PAC est "
++"nécessaire avec NFS.\n"
++" Actuellement le code relatif à cette fonction dans le noyau Linux ne gère "
++"les tickets\n"
++" Kerberos que jusqu'à une taille maximale donnée. Comme les données PAC "
++"peuvent devenir\n"
++" bien plus grandes, il est recommandé de fixer --pac-type=NONE pour les "
++"services NFS.\n"
++"\n"
++" Supprimer un service IPA :\n"
++" ipa service-del HTTP/web.example.com\n"
++"\n"
++" Trouver tous les services IPA associés à un hôte :\n"
++" ipa service-find web.example.com\n"
++"\n"
++" Trouver tous les service HTTP :\n"
++" ipa service-find HTTP\n"
++"\n"
++" Désactiver la clé du service Kerberos key et le certificat SSL :\n"
++" ipa service-disable HTTP/web.example.com\n"
++"\n"
++" Réclamer un certificat pour un service IPA :\n"
++" ipa cert-request --principal=HTTP/web.example.com example.csr\n"
++"\n"
++" Générer et retrouver un tableau de clés pour un service IPA :\n"
++" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
++"httpd.keytab\n"
++"\n"
++
+ msgid "Requires pre-authentication"
+ msgstr "Nécessite une pré-authentification"
+
+@@ -7935,6 +9486,82 @@ msgstr "Ajouter des membres à un groupe de commandes Sudo."
+ msgid "Remove members from Sudo Command Group."
+ msgstr "Supprimer des membres d'un groupe de commandes Sudo."
+
++msgid ""
++"\n"
++"Sudo Rules\n"
++"\n"
++"Sudo (su \"do\") allows a system administrator to delegate authority to\n"
++"give certain users (or groups of users) the ability to run some (or all)\n"
++"commands as root or another user while providing an audit trail of the\n"
++"commands and their arguments.\n"
++"\n"
++"FreeIPA provides a means to configure the various aspects of Sudo:\n"
++" Users: The user(s)/group(s) allowed to invoke Sudo.\n"
++" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke "
++"Sudo.\n"
++" Allow Command: The specific command(s) permitted to be run via Sudo.\n"
++" Deny Command: The specific command(s) prohibited to be run via Sudo.\n"
++" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be "
++"invoked with.\n"
++" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n"
++" Options: The various Sudoers Options that can modify Sudo's behavior.\n"
++"\n"
++"An order can be added to a sudorule to control the order in which they\n"
++"are evaluated (if the client supports it). This order is an integer and\n"
++"must be unique.\n"
++"\n"
++"FreeIPA provides a designated binddn to use with Sudo located at:\n"
++"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
++"\n"
++"To enable the binddn run the following command to set the password:\n"
++"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
++"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
++"dc=com\n"
++"\n"
++"For more information, see the FreeIPA Documentation to Sudo.\n"
++msgstr ""
++"\n"
++"Règles Sudo\n"
++"\n"
++"Sudo (su « do ») permet à un administrateur système de donner l'autorisation "
++"à certains\n"
++"utilisateurs (ou groupes d'utilisateurs) d'exécuter certaines (ou toute)\n"
++"commandes en tant qu'utilisateur root ou autre, tout en fournissant une "
++"piste de vérification\n"
++"des commandes et de leurs arguments.\n"
++"\n"
++"FreeIPA donne des possibilités de configurer divers aspects de Sudo :\n"
++" Users : les utilisateurs ou groupes autorisés à faire appel à Sudo.\n"
++" Hosts : les hôtes ou groupes d'hôtes sur lesquels l'utilisateur peut "
++"faire appel à Sudo.\n"
++" Allow Command : les commandes précises pouvant être lancées via Sudo.\n"
++" Deny Command : les commandes précises ne pouvant pas être lancées via "
++"Sudo.\n"
++" RunAsUser : utilisateurs ou groupes ayant des droits Sudo avec lesquels "
++"il sera fait appel.\n"
++" RunAsGroup : les groupes dont le gid permet de faire appel avec certains "
++"droits Sudo.\n"
++" Options : les diverses options Sudoers susceptibles de modifier le "
++"comportement de Sudo.\n"
++"\n"
++"Un numéro d'ordre peut être ajouté à des règles Sudo pour contrôler l'ordre "
++"dans lequel\n"
++"elles sont évaluées (si le client la prend en charge). Ce numéro d'ordre est "
++"un entier et\n"
++"doit être unique.\n"
++"\n"
++"FreeIPA met à disposition un binddn conçu pour être utilisé avec Sudo situé "
++"à :\n"
++"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
++"\n"
++"Pour activer binddn, exécutez la commande ci-après pour définir le mot de "
++"passe :\n"
++"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
++"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
++"dc=com\n"
++"\n"
++"Pour plus d'informations, voyez la documentation FreeIPA de Sudo.\n"
++
+ msgid "Commands for controlling sudo configuration"
+ msgstr "Commandes pour le contrôle d'une configuration sudo"
+
+@@ -8174,6 +9801,214 @@ msgstr "Retirer une option d'une règle Sudo."
+ msgid "Removed option \"%(option)s\" from Sudo Rule \"%(rule)s\""
+ msgstr "Option \"%(option)s\" supprimée de la règle Sudo \"%(rule)s\""
+
++msgid ""
++"\n"
++"Cross-realm trusts\n"
++"\n"
++"Manage trust relationship between IPA and Active Directory domains.\n"
++"\n"
++"In order to allow users from a remote domain to access resources in IPA\n"
++"domain, trust relationship needs to be established. Currently IPA supports\n"
++"only trusts between IPA and Active Directory domains under control of "
++"Windows\n"
++"Server 2008 or later, with functional level 2008 or later.\n"
++"\n"
++"Please note that DNS on both IPA and Active Directory domain sides should "
++"be\n"
++"configured properly to discover each other. Trust relationship relies on\n"
++"ability to discover special resources in the other domain via DNS records.\n"
++"\n"
++"Examples:\n"
++"\n"
++"1. Establish cross-realm trust with Active Directory using AD administrator\n"
++" credentials:\n"
++"\n"
++" ipa trust-add --type=ad <ad.domain> --admin <AD domain administrator> --"
++"password\n"
++"\n"
++"2. List all existing trust relationships:\n"
++"\n"
++" ipa trust-find\n"
++"\n"
++"3. Show details of the specific trust relationship:\n"
++"\n"
++" ipa trust-show <ad.domain>\n"
++"\n"
++"4. Delete existing trust relationship:\n"
++"\n"
++" ipa trust-del <ad.domain>\n"
++"\n"
++"Once trust relationship is established, remote users will need to be mapped\n"
++"to local POSIX groups in order to actually use IPA resources. The mapping "
++"should\n"
++"be done via use of external membership of non-POSIX group and then this "
++"group\n"
++"should be included into one of local POSIX groups.\n"
++"\n"
++"Example:\n"
++"\n"
++"1. Create group for the trusted domain admins' mapping and their local POSIX "
++"group:\n"
++"\n"
++" ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
++"--external\n"
++" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
++"\n"
++"2. Add security identifier of Domain Admins of the <ad.domain> to the "
++"ad_admins_external\n"
++" group:\n"
++"\n"
++" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
++"\n"
++"3. Allow members of ad_admins_external group to be associated with ad_admins "
++"POSIX group:\n"
++"\n"
++" ipa group-add-member ad_admins --groups ad_admins_external\n"
++"\n"
++"4. List members of external members of ad_admins_external group to see their "
++"SIDs:\n"
++"\n"
++" ipa group-show ad_admins_external\n"
++"\n"
++"\n"
++"GLOBAL TRUST CONFIGURATION\n"
++"\n"
++"When IPA AD trust subpackage is installed and ipa-adtrust-install is run,\n"
++"a local domain configuration (SID, GUID, NetBIOS name) is generated. These\n"
++"identifiers are then used when communicating with a trusted domain of the\n"
++"particular type.\n"
++"\n"
++"1. Show global trust configuration for Active Directory type of trusts:\n"
++"\n"
++" ipa trustconfig-show --type ad\n"
++"\n"
++"2. Modify global configuration for all trusts of Active Directory type and "
++"set\n"
++" a different fallback primary group (fallback primary group GID is used "
++"as\n"
++" a primary user GID if user authenticating to IPA domain does not have any "
++"other\n"
++" primary GID already set):\n"
++"\n"
++" ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD "
++"group\"\n"
++"\n"
++"3. Change primary fallback group back to default hidden group (any group "
++"with\n"
++" posixGroup object class is allowed):\n"
++"\n"
++" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group"
++"\"\n"
++msgstr ""
++"\n"
++"Confiance croisée entre royaumes\n"
++"\n"
++"Gérer les relations de confiance entre les domaines IPA et Active "
++"Directory.\n"
++"\n"
++"Pour permettre aux utilisateurs d'un domaine distant l'accès aux ressources "
++"d'un domaine IPA,\n"
++"des relations de confiance doivent être établies. Actuellement IPA ne prend "
++"en charge que\n"
++"la confiance entre des domaines IPA et Active Directory sous le contrôle de "
++"Windows\n"
++"Server 2008 ou ultérieur, avec le niveau fonctionnel 2008 ou ultérieur.\n"
++"\n"
++"Veuillez noter que DNS doit être correctement configuré à la fois côté "
++"domaine IPA et côté\n"
++"Active Directory pour une découverte mutuelle. La relation de confiance "
++"repose sur la capacité\n"
++"à repérer des ressources spéciales dans l'autre domaine via des "
++"enregistrements DNS.\n"
++"\n"
++"Exemples :\n"
++"\n"
++"1. Établir des relations de confiance croisées entre royaume avec Active "
++"Directory avec les\n"
++"autorisations d'accès de l'administrateur AD :\n"
++"\n"
++" ipa trust-add --type=ad <ad.domain> --admin <AD domain administrator> --"
++"password\n"
++"\n"
++"2. Lister toutes les relations de confiance existantes :\n"
++"\n"
++" ipa trust-find\n"
++"\n"
++"3. Voir les détails d'une relation de confiance donnée :\n"
++"\n"
++" ipa trust-show <ad.domain>\n"
++"\n"
++"4. Supprimer une relation de confiance existante :\n"
++"\n"
++" ipa trust-del <ad.domain>\n"
++"\n"
++"Une fois la relation de confiance établie, les utilisateurs distants doivent "
++"être mis en\n"
++"relation avec des groupes POSIX locaux pour utiliser réellement des "
++"ressources IPA. La\n"
++"relation doit se faire via l'appartenance à un groupe non-POSIX externe, "
++"puis ce groupe\n"
++"doit être intégré dans un des groupes POSIX locaux.\n"
++"\n"
++"Exemple :\n"
++"\n"
++"1. Créer un groupe pour la mise en relation avec le domaine de confiance "
++"admins et leur\n"
++" groupe POSIX local :\n"
++"\n"
++" ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
++"--external\n"
++" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
++"\n"
++"2. Ajouter un identifiant de sécurité de <ad.domain> de Domain Admins au "
++"groupe\n"
++" externe ad_admins :\n"
++"\n"
++" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
++"\n"
++"3. Associer des membres du groupe ad_admins_external avec le groupe POSIX "
++"ad_admins :\n"
++"\n"
++" ipa group-add-member ad_admins --groups ad_admins_external\n"
++"\n"
++"4. Lister les membrer externes du groupe externe ad_admins_external pour "
++"voir leur SID :\n"
++"\n"
++" ipa group-show ad_admins_external\n"
++"\n"
++"\n"
++"CONFIGURATION D'UNE CONFIANCE GLOBALE\n"
++"\n"
++"Quand le sous-paquet IPA AD trust est installé et ipa-adtrust-install est "
++"exécuté,\n"
++"une configuration de domaine local (SID, GUID, nom NetBIOS) est créée. Ces "
++"identifiants\n"
++"sont alors utilisés lors de communications avec un domaine de confiance\n"
++"de type particulier.\n"
++"\n"
++"1. Afficher la configuration de confiance globale pour les types de "
++"confiance Active Directory :\n"
++"\n"
++" ipa trustconfig-show --type ad\n"
++"\n"
++"2. Modifier la configuration globale de toutes les confiances de type Active "
++"Directory et\n"
++" définir un groupe principal de recours (le GID du groupe principal de "
++"recours est utilisé\n"
++" comme GID d'utilisateur pricipal si l'utilisateur s'authentifiant auprès "
++"du domaine IPA\n"
++" n'a pas d'autre GID principal déjà défini) :\n"
++"\n"
++" ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD "
++"group\"\n"
++"\n"
++"3. Revenir au groupe caché par défaut comme groupe de recours principal "
++"(tout groupe de la\n"
++" classe objet posixGroup est autorisé) :\n"
++"\n"
++" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group"
++"\"\n"
++
+ msgid "Non-Active Directory domain"
+ msgstr "Domaine non-Active Directory"
+
+@@ -8223,6 +10058,37 @@ msgstr "liste noire de SID sortante"
+ msgid "invalid SID: %(value)s"
+ msgstr "SID invalide : %(value)s"
+
++msgid ""
++"\n"
++"Add new trust to use.\n"
++"\n"
++"This command establishes trust relationship to another domain\n"
++"which becomes 'trusted'. As result, users of the trusted domain\n"
++"may access resources of this domain.\n"
++"\n"
++"Only trusts to Active Directory domains are supported right now.\n"
++"\n"
++"The command can be safely run multiple times against the same domain,\n"
++"this will cause change to trust relationship credentials on both\n"
++"sides.\n"
++" "
++msgstr ""
++"\n"
++"Ajout d'une nouvelle relation de confiance.\n"
++"\n"
++"Cette commande établit une relation de confiance avec un autre domaine\n"
++"qui ainsi devient « de confiance ». En conséquence, des utilisateurs du "
++"domaine de confiance\n"
++"peuvent avoir accès aux ressources de ce domaine.\n"
++"\n"
++"Actuellement, seules les relations de confiance avec les domaines Active "
++"Directory sont prises en charge.\n"
++"\n"
++"Cette commande peut être lancée plusieurs fois en toute sécurité à "
++"l'encontre du même domaine,\n"
++"elle modifiera les références de la relation de confiance des deux côtés.\n"
++" "
++
+ msgid "Active Directory domain administrator"
+ msgstr "Administrateur du domaine Active Directory"
+
+@@ -8315,6 +10181,9 @@ msgstr ""
+ "déjà. La plage d'ID pour le nouveau domaine approuvé doit être créée "
+ "manuellement."
+
++msgid "range type change"
++msgstr "modifier le type de plage"
++
+ msgid ""
+ "ID range for the trusted domain already exists, but it has a different type. "
+ "Please remove the old range manually, or do not enforce type via --range-"
+@@ -8758,6 +10627,64 @@ msgstr ""
+ msgid "Unlocked account \"%(value)s\""
+ msgstr "Compte utilisateur \"%(value)s\" déverrouillé"
+
++msgid ""
++"\n"
++" Lockout status of a user account\n"
++"\n"
++" An account may become locked if the password is entered incorrectly too\n"
++" many times within a specific time period as controlled by password\n"
++" policy. A locked account is a temporary condition and may be unlocked "
++"by\n"
++" an administrator.\n"
++"\n"
++" This connects to each IPA master and displays the lockout status on\n"
++" each one.\n"
++"\n"
++" To determine whether an account is locked on a given server you need\n"
++" to compare the number of failed logins and the time of the last "
++"failure.\n"
++" For an account to be locked it must exceed the maxfail failures within\n"
++" the failinterval duration as specified in the password policy "
++"associated\n"
++" with the user.\n"
++"\n"
++" The failed login counter is modified only when a user attempts a log in\n"
++" so it is possible that an account may appear locked but the last failed\n"
++" login attempt is older than the lockouttime of the password policy. "
++"This\n"
++" means that the user may attempt a login again. "
++msgstr ""
++"\n"
++" Verrouillage de l'état d'un compte utilisateur\n"
++"\n"
++" Un compte peut être verrouillé si un mot de passe incorrect est entre à "
++"plusieurs\n"
++" reprises pendant une période de temps donnée selon la règle de contrôle "
++"des mots de\n"
++" passe. Le verrouillage du compte est un état temporaire ; le compte peut "
++"être\n"
++" déverrouillé par un administrateur.\n"
++"\n"
++" Ce dernier se connecte sur l'IPA maître et affiche l'état verrouillé de\n"
++" chacun.\n"
++"\n"
++" Pour savoir si un compte est verrouillé sur un serveur donné, vous "
++"devez\n"
++" comparer le nombre d'échecs de connexion et l'heure du dernier échec.\n"
++" Pour qu'un compte soit verrouillé, le nombre d'échecs doit dépasser le "
++"maximum\n"
++" autorisé dans le délai voulu tel que défini dans la règle pour le mot de "
++"passe\n"
++" correspondant à l'utilisateur.\n"
++"\n"
++" Le compteur d'échecs de connexion n'est modifié que lorsqu'un "
++"utilisateur tente une\n"
++" connexion, il est donc possible qu'un compte apparaisse bloqué mais que "
++"la dernière\n"
++" tentative de connexion soit antérieure à la durée de verrouillage de la "
++"règle. Cela\n"
++" signifie que l'utilisateur peut tenter de connecter à nouveau."
++
+ #, python-format
+ msgid "%(host)s failed: %(error)s"
+ msgstr "%(host)s en échec : %(error)s"
+@@ -9436,7 +11363,7 @@ msgid "Hostname of this server"
+ msgstr "Nom de système de ce serveur"
+
+ msgid "hostname"
+-msgstr "non de système"
++msgstr "nom de système"
+
+ msgid "IPA Server to use"
+ msgstr "Serveur IPA à utiliser"
+@@ -9527,7 +11454,7 @@ msgstr "Échec lors de l'ouverture de la keytab « %1$s » : %2$s\n"
+
+ #, c-format
+ msgid "Closing keytab failed\n"
+-msgstr "La fermeture du keytab a échoué\n"
++msgstr "La fermeture du tableau des clés a échoué\n"
+
+ #, c-format
+ msgid "krb5_kt_close %1$d: %2$s\n"
+diff --git a/install/po/id.po b/install/po/id.po
+index 2d97536909453f188c46e5021d0e19524532a8be..61c47a64f3085457925b183dccc6b6ef4f1186de 100644
+--- a/install/po/id.po
++++ b/install/po/id.po
+@@ -8,16 +8,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Indonesian <trans-id at lists.fedoraproject.org>\n"
+-"Language: id\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: id\n"
+ "Plural-Forms: nplurals=1; plural=0;\n"
+
+ #, python-format
+diff --git a/install/po/ipa.pot b/install/po/ipa.pot
+index ded39abf0101810e252582492e17ac3608554efb..12f7863bc8f6e2f3d22b950f9a4e67319f17e5cb 100644
+--- a/install/po/ipa.pot
++++ b/install/po/ipa.pot
+@@ -9,7 +9,7 @@ msgstr ""
+ "Project-Id-Version: ipa\n"
+ "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+ "newticket\n"
+-"POT-Creation-Date: 2013-08-01 16:02+0200\n"
++"POT-Creation-Date: 2013-09-26 10:57+0200\n"
+ "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+ "Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
+ "Language-Team: LANGUAGE <LL at li.org>\n"
+@@ -438,29 +438,29 @@ msgstr ""
+ msgid "%(name)s certificate is not valid"
+ msgstr ""
+
+-#: ipalib/frontend.py:411
++#: ipalib/frontend.py:412
+ msgid "Results are truncated, try a more specific search"
+ msgstr ""
+
+-#: ipalib/frontend.py:530
++#: ipalib/frontend.py:531
+ #, python-format
+ msgid "Unknown option: %(option)s"
+ msgstr ""
+
+-#: ipalib/frontend.py:902
++#: ipalib/frontend.py:903
+ msgid ""
+ "Retrieve and print all attributes from the server. Affects command output."
+ msgstr ""
+
+-#: ipalib/frontend.py:908
++#: ipalib/frontend.py:909
+ msgid "Print entries as stored on the server. Only affects output format."
+ msgstr ""
+
+-#: ipalib/frontend.py:914 ipalib/plugins/batch.py:69
++#: ipalib/frontend.py:915 ipalib/plugins/batch.py:69
+ msgid "Client version. Used to determine if server will accept request."
+ msgstr ""
+
+-#: ipalib/frontend.py:1087
++#: ipalib/frontend.py:1088
+ msgid "Forward to server instead of running locally"
+ msgstr ""
+
+@@ -953,7 +953,7 @@ msgstr ""
+ #: ipalib/plugins/automember.py:176 ipalib/plugins/automount.py:579
+ #: ipalib/plugins/group.py:155 ipalib/plugins/hbacrule.py:179
+ #: ipalib/plugins/hbacsvc.py:79 ipalib/plugins/hbacsvcgroup.py:73
+-#: ipalib/plugins/host.py:266 ipalib/plugins/hostgroup.py:90
++#: ipalib/plugins/host.py:268 ipalib/plugins/hostgroup.py:90
+ #: ipalib/plugins/netgroup.py:122 ipalib/plugins/privilege.py:73
+ #: ipalib/plugins/role.py:92 ipalib/plugins/selinuxusermap.py:184
+ #: ipalib/plugins/sudocmd.py:77 ipalib/plugins/sudocmdgroup.py:78
+@@ -1272,7 +1272,7 @@ msgstr ""
+ msgid "Automount Location"
+ msgstr ""
+
+-#: ipalib/plugins/automount.py:215 ipalib/plugins/host.py:276
++#: ipalib/plugins/automount.py:215 ipalib/plugins/host.py:278
+ msgid "Location"
+ msgstr ""
+
+@@ -1554,7 +1554,7 @@ msgid "Display an automount key."
+ msgstr ""
+
+ #: ipalib/plugins/baseldap.py:41 ipalib/plugins/internal.py:280
+-#: ipalib/plugins/internal.py:632 ipalib/plugins/migration.py:491
++#: ipalib/plugins/internal.py:633 ipalib/plugins/migration.py:491
+ #: ipalib/plugins/user.py:289
+ msgid "Password"
+ msgstr ""
+@@ -1999,40 +1999,40 @@ msgid "automatically add the principal if it doesn't exist"
+ msgstr ""
+
+ #: ipalib/plugins/cert.py:269 ipalib/plugins/cert.py:481
+-#: ipalib/plugins/host.py:305 ipalib/plugins/internal.py:319
++#: ipalib/plugins/host.py:307 ipalib/plugins/internal.py:319
+ #: ipalib/plugins/service.py:328
+ msgid "Certificate"
+ msgstr ""
+
+ #: ipalib/plugins/cert.py:272 ipalib/plugins/cert.py:484
+ #: ipalib/plugins/cert.py:638 ipalib/plugins/cert.py:639
+-#: ipalib/plugins/host.py:165 ipalib/plugins/internal.py:332
++#: ipalib/plugins/host.py:167 ipalib/plugins/internal.py:332
+ #: ipalib/plugins/service.py:102
+ msgid "Subject"
+ msgstr ""
+
+ #: ipalib/plugins/cert.py:275 ipalib/plugins/cert.py:487
+-#: ipalib/plugins/host.py:174 ipalib/plugins/service.py:111
++#: ipalib/plugins/host.py:176 ipalib/plugins/service.py:111
+ msgid "Issuer"
+ msgstr ""
+
+ #: ipalib/plugins/cert.py:278 ipalib/plugins/cert.py:490
+-#: ipalib/plugins/host.py:177 ipalib/plugins/service.py:114
++#: ipalib/plugins/host.py:179 ipalib/plugins/service.py:114
+ msgid "Not Before"
+ msgstr ""
+
+ #: ipalib/plugins/cert.py:281 ipalib/plugins/cert.py:493
+-#: ipalib/plugins/host.py:180 ipalib/plugins/service.py:117
++#: ipalib/plugins/host.py:182 ipalib/plugins/service.py:117
+ msgid "Not After"
+ msgstr ""
+
+ #: ipalib/plugins/cert.py:284 ipalib/plugins/cert.py:496
+-#: ipalib/plugins/host.py:183 ipalib/plugins/service.py:120
++#: ipalib/plugins/host.py:185 ipalib/plugins/service.py:120
+ msgid "Fingerprint (MD5)"
+ msgstr ""
+
+ #: ipalib/plugins/cert.py:287 ipalib/plugins/cert.py:499
+-#: ipalib/plugins/host.py:186 ipalib/plugins/service.py:123
++#: ipalib/plugins/host.py:188 ipalib/plugins/service.py:123
+ msgid "Fingerprint (SHA1)"
+ msgstr ""
+
+@@ -2107,7 +2107,7 @@ msgstr ""
+ msgid "Retrieve an existing certificate."
+ msgstr ""
+
+-#: ipalib/plugins/cert.py:502 ipalib/plugins/host.py:189
++#: ipalib/plugins/cert.py:502 ipalib/plugins/host.py:191
+ #: ipalib/plugins/internal.py:329 ipalib/plugins/internal.py:358
+ #: ipalib/plugins/service.py:126
+ msgid "Revocation reason"
+@@ -2206,8 +2206,8 @@ msgid "Maximum number of certs returned"
+ msgstr ""
+
+ #: ipalib/plugins/cert.py:713 ipalib/plugins/internal.py:366
+-#: ipalib/plugins/internal.py:472 ipalib/plugins/internal.py:551
+-#: ipalib/plugins/internal.py:658
++#: ipalib/plugins/internal.py:472 ipalib/plugins/internal.py:552
++#: ipalib/plugins/internal.py:659
+ msgid "Status"
+ msgstr ""
+
+@@ -2556,7 +2556,7 @@ msgstr[1] ""
+ msgid "Display information about a delegation."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:40
++#: ipalib/plugins/dns.py:41
+ msgid ""
+ "\n"
+ "Domain Name System (DNS)\n"
+@@ -2767,243 +2767,243 @@ msgid ""
+ " ipa dnsconfig-mod --forwarder=10.0.0.1\n"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:292
++#: ipalib/plugins/dns.py:293
+ #, python-format
+ msgid "invalid IP address version (is %(value)d, must be %(required_value)d)!"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:295
++#: ipalib/plugins/dns.py:296
+ msgid "invalid IP address format"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:308
++#: ipalib/plugins/dns.py:309
+ msgid "invalid IP network format"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:317
++#: ipalib/plugins/dns.py:318
+ msgid "each ACL element must be terminated with a semicolon"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:334
++#: ipalib/plugins/dns.py:335
+ msgid "invalid address format"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:378 ipalib/plugins/dns.py:421
++#: ipalib/plugins/dns.py:379 ipalib/plugins/dns.py:422
+ #, python-format
+ msgid "invalid domain-name: %s"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:407
++#: ipalib/plugins/dns.py:408
+ #, python-format
+ msgid "%(port)s is not a valid port"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:483
++#: ipalib/plugins/dns.py:484
+ #, python-format
+ msgid "DNS reverse zone for IP address %(addr)s not found"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:495
++#: ipalib/plugins/dns.py:496
+ #, python-format
+ msgid "DNS zone %(zone)s not found"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:509
++#: ipalib/plugins/dns.py:510
+ #, python-format
+ msgid "IP address %(ip)s is already assigned in domain %(domain)s."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:522
++#: ipalib/plugins/dns.py:523
+ #, python-format
+ msgid ""
+ "Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:558
++#: ipalib/plugins/dns.py:559
+ #, python-format
+ msgid "%s record"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:560
+-#, python-format
+-msgid "Raw %s records"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:561
+ #, python-format
+-msgid "%s Record"
++msgid "Raw %s records"
+ msgstr ""
+
+ #: ipalib/plugins/dns.py:562
+ #, python-format
++msgid "%s Record"
++msgstr ""
++
++#: ipalib/plugins/dns.py:563
++#, python-format
+ msgid "(see RFC %s for details)"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:618
++#: ipalib/plugins/dns.py:619
+ #, python-format
+ msgid "'%s' is a required part of DNS record"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:625
++#: ipalib/plugins/dns.py:626
+ msgid "Invalid number of parts!"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:680
++#: ipalib/plugins/dns.py:681
+ #, python-format
+ msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:696
++#: ipalib/plugins/dns.py:697
+ #, python-format
+ msgid "format must be specified as \"%(format)s\" %(rfcs)s"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:820
+-msgid "Create reverse"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:821
++msgid "Create reverse"
++msgstr ""
++
++#: ipalib/plugins/dns.py:822
+ msgid "Create reverse record for this IP Address"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:856
++#: ipalib/plugins/dns.py:857
+ #, python-format
+ msgid "Cannot create reverse record for \"%(value)s\": %(exc)s"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:865 ipalib/plugins/dns.py:888
+-#: ipalib/plugins/host.py:405
++#: ipalib/plugins/dns.py:866 ipalib/plugins/dns.py:889
++#: ipalib/plugins/host.py:407
+ msgid "IP Address"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:874 ipalib/plugins/dns.py:1485
++#: ipalib/plugins/dns.py:875 ipalib/plugins/dns.py:1486
+ msgid "Record data"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:897
++#: ipalib/plugins/dns.py:898
+ msgid "Subtype"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:903 ipalib/plugins/dns.py:942
+-#: ipalib/plugins/dns.py:1195 ipalib/plugins/dns.py:1292
+-#: ipalib/plugins/dns.py:2929
++#: ipalib/plugins/dns.py:904 ipalib/plugins/dns.py:943
++#: ipalib/plugins/dns.py:1196 ipalib/plugins/dns.py:1293
++#: ipalib/plugins/dns.py:2930
+ msgid "Hostname"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:917
++#: ipalib/plugins/dns.py:918
+ msgid "Certificate Type"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:922 ipalib/plugins/dns.py:977
+-#: ipalib/plugins/dns.py:1375
++#: ipalib/plugins/dns.py:923 ipalib/plugins/dns.py:978
++#: ipalib/plugins/dns.py:1376
+ msgid "Key Tag"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:927 ipalib/plugins/dns.py:982
+-#: ipalib/plugins/dns.py:1016 ipalib/plugins/dns.py:1353
+-#: ipalib/plugins/dns.py:1401
++#: ipalib/plugins/dns.py:928 ipalib/plugins/dns.py:983
++#: ipalib/plugins/dns.py:1017 ipalib/plugins/dns.py:1354
++#: ipalib/plugins/dns.py:1402
+ msgid "Algorithm"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:932
++#: ipalib/plugins/dns.py:933
+ msgid "Certificate/CRL"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:943
++#: ipalib/plugins/dns.py:944
+ msgid "A hostname which this alias hostname points to"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:963 ipalib/plugins/dns.py:1329
++#: ipalib/plugins/dns.py:964 ipalib/plugins/dns.py:1330
+ #: ipalib/plugins/internal.py:502
+ msgid "Target"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:987
++#: ipalib/plugins/dns.py:988
+ msgid "Digest Type"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:992
++#: ipalib/plugins/dns.py:993
+ msgid "Digest"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1006 ipalib/plugins/dns.py:1271
++#: ipalib/plugins/dns.py:1007 ipalib/plugins/dns.py:1272
+ msgid "Flags"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1011
++#: ipalib/plugins/dns.py:1012
+ msgid "Protocol"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1021
++#: ipalib/plugins/dns.py:1022
+ msgid "Public Key"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1035 ipalib/plugins/dns.py:1176
+-#: ipalib/plugins/dns.py:1265
+-msgid "Preference"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1036 ipalib/plugins/dns.py:1177
++#: ipalib/plugins/dns.py:1266
++msgid "Preference"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1037 ipalib/plugins/dns.py:1178
+ msgid "Preference given to this exchanger. Lower values are more preferred"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1042 ipalib/plugins/dns.py:1183
++#: ipalib/plugins/dns.py:1043 ipalib/plugins/dns.py:1184
+ msgid "Exchanger"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1043
++#: ipalib/plugins/dns.py:1044
+ msgid "A host willing to act as a key exchanger"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1052
++#: ipalib/plugins/dns.py:1053
+ msgid "Degrees Latitude"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1057
++#: ipalib/plugins/dns.py:1058
+ msgid "Minutes Latitude"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1062
++#: ipalib/plugins/dns.py:1063
+ msgid "Seconds Latitude"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1068
++#: ipalib/plugins/dns.py:1069
+ msgid "Direction Latitude"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1072
++#: ipalib/plugins/dns.py:1073
+ msgid "Degrees Longitude"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1077
++#: ipalib/plugins/dns.py:1078
+ msgid "Minutes Longitude"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1082
++#: ipalib/plugins/dns.py:1083
+ msgid "Seconds Longitude"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1088
++#: ipalib/plugins/dns.py:1089
+ msgid "Direction Longitude"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1092
++#: ipalib/plugins/dns.py:1093
+ msgid "Altitude"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1098
++#: ipalib/plugins/dns.py:1099
+ msgid "Size"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1104
++#: ipalib/plugins/dns.py:1105
+ msgid "Horizontal Precision"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1110
++#: ipalib/plugins/dns.py:1111
+ msgid "Vertical Precision"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1117
++#: ipalib/plugins/dns.py:1118
+ msgid ""
+ "format must be specified as\n"
+ " \"d1 [m1 [s1]] {\"N\"|\"S\"} d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] "
+@@ -3018,547 +3018,547 @@ msgid ""
+ " See RFC 1876 for details"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1166
++#: ipalib/plugins/dns.py:1167
+ #, python-format
+ msgid "'%(required)s' must not be empty when '%(name)s' is set"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1184
++#: ipalib/plugins/dns.py:1185
+ msgid "A host willing to act as a mail exchanger"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1202
++#: ipalib/plugins/dns.py:1203
+ msgid ""
+ "format must be specified as \"NEXT TYPE1 [TYPE2 [TYPE3 [...]]]\" (see RFC "
+ "4034 for details)"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1209
++#: ipalib/plugins/dns.py:1210
+ msgid "Next Domain Name"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1212
++#: ipalib/plugins/dns.py:1213
+ msgid "Type Map"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1252
++#: ipalib/plugins/dns.py:1253
+ msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\""
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1260
++#: ipalib/plugins/dns.py:1261
+ msgid "Order"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1275 ipalib/plugins/hbactest.py:265
+-#: ipalib/plugins/internal.py:550 ipalib/plugins/service.py:316
++#: ipalib/plugins/dns.py:1276 ipalib/plugins/hbactest.py:265
++#: ipalib/plugins/internal.py:551 ipalib/plugins/service.py:316
+ msgid "Service"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1278
++#: ipalib/plugins/dns.py:1279
+ msgid "Regular Expression"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1281
++#: ipalib/plugins/dns.py:1282
+ msgid "Replacement"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1293
++#: ipalib/plugins/dns.py:1294
+ msgid "The hostname this reverse record points to"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1313 ipalib/plugins/pwpolicy.py:266
++#: ipalib/plugins/dns.py:1314 ipalib/plugins/pwpolicy.py:267
+ msgid "Priority"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1318
++#: ipalib/plugins/dns.py:1319
+ msgid "Weight"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1323
++#: ipalib/plugins/dns.py:1324
+ msgid "Port"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1330
++#: ipalib/plugins/dns.py:1331
+ msgid ""
+ "The domain name of the target host or '.' if the service is decidedly not "
+ "available at this domain"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1339
++#: ipalib/plugins/dns.py:1340
+ msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1349
++#: ipalib/plugins/dns.py:1350
+ msgid "Type Covered"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1358
++#: ipalib/plugins/dns.py:1359
+ msgid "Labels"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1363
++#: ipalib/plugins/dns.py:1364
+ msgid "Original TTL"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1368
++#: ipalib/plugins/dns.py:1369
+ msgid "Signature Expiration"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1372
++#: ipalib/plugins/dns.py:1373
+ msgid "Signature Inception"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1380
++#: ipalib/plugins/dns.py:1381
+ msgid "Signer's Name"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1383
++#: ipalib/plugins/dns.py:1384
+ msgid "Signature"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1406
++#: ipalib/plugins/dns.py:1407
+ msgid "Fingerprint Type"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1411
++#: ipalib/plugins/dns.py:1412
+ msgid "Fingerprint"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1432
++#: ipalib/plugins/dns.py:1433
+ msgid "Text Data"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1479
++#: ipalib/plugins/dns.py:1480
+ msgid "Records"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1482
++#: ipalib/plugins/dns.py:1483
+ msgid "Record type"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1515
++#: ipalib/plugins/dns.py:1516
+ #, python-format
+ msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1533
++#: ipalib/plugins/dns.py:1534
+ msgid "Managedby permission"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1542
+-msgid "DNS zone"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1543
++msgid "DNS zone"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1544
+ msgid "DNS zones"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1552
+-msgid "DNS Zones"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1553
++msgid "DNS Zones"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1554
+ msgid "DNS Zone"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1559
+-msgid "Zone name"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1560
++msgid "Zone name"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1561
+ msgid "Zone name (FQDN)"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1566
+-msgid "Reverse zone IP network"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1567
++msgid "Reverse zone IP network"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1568
+ msgid "IP network to create reverse zone name from"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1572
+-msgid "Authoritative nameserver"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1573
++msgid "Authoritative nameserver"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1574
+ msgid "Authoritative nameserver domain name"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1579 ipalib/plugins/dns.py:1580
++#: ipalib/plugins/dns.py:1580 ipalib/plugins/dns.py:1581
+ msgid "Administrator e-mail address"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1586
+-msgid "SOA serial"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1587
++msgid "SOA serial"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1588
+ msgid "SOA record serial number"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1595
+-msgid "SOA refresh"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1596
++msgid "SOA refresh"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1597
+ msgid "SOA record refresh time"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1604
+-msgid "SOA retry"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1605
++msgid "SOA retry"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1606
+ msgid "SOA record retry time"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1613
+-msgid "SOA expire"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1614
++msgid "SOA expire"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1615
+ msgid "SOA record expire time"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1622
+-msgid "SOA minimum"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1623
++msgid "SOA minimum"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1624
+ msgid "How long should negative responses be cached"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1631
+-msgid "SOA time to live"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1632
++msgid "SOA time to live"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1633
+ msgid "SOA record time to live"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1638
+-msgid "SOA class"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1639
++msgid "SOA class"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1640
+ msgid "SOA record class"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1644 ipalib/plugins/dns.py:1645
++#: ipalib/plugins/dns.py:1645 ipalib/plugins/dns.py:1646
+ msgid "BIND update policy"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1651
+-msgid "Active zone"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1652
++msgid "Active zone"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1653
+ msgid "Is zone active?"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1658
+-msgid "Dynamic update"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1659
++msgid "Dynamic update"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1660
+ msgid "Allow dynamic updates."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1668
+-msgid "Allow query"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1669
++msgid "Allow query"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1670
+ msgid ""
+ "Semicolon separated list of IP addresses or networks which are allowed to "
+ "issue queries"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1677
+-msgid "Allow transfer"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1678
++msgid "Allow transfer"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1679
+ msgid ""
+ "Semicolon separated list of IP addresses or networks which are allowed to "
+ "transfer the zone"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1685
+-msgid "Zone forwarders"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:1686
++msgid "Zone forwarders"
++msgstr ""
++
++#: ipalib/plugins/dns.py:1687
+ msgid ""
+ "Per-zone forwarders. A custom port can be specified for each forwarder using "
+ "a standard format \"IP_ADDRESS port PORT\""
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1692 ipalib/plugins/dns.py:2999
++#: ipalib/plugins/dns.py:1693 ipalib/plugins/dns.py:2999
+ msgid "Forward policy"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1693
++#: ipalib/plugins/dns.py:1694
+ msgid ""
+ "Per-zone conditional forwarding policy. Set to \"none\" to disable "
+ "forwarding to global forwarder for this zone. In that case, conditional zone "
+ "forwarders are disregarded."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1700 ipalib/plugins/dns.py:3006
++#: ipalib/plugins/dns.py:1701 ipalib/plugins/dns.py:3006
+ msgid "Allow PTR sync"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1701
++#: ipalib/plugins/dns.py:1702
+ msgid ""
+ "Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the "
+ "zone"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1763
++#: ipalib/plugins/dns.py:1764
+ msgid "Create new DNS zone (SOA record)."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1768 ipalib/plugins/dns.py:1903
+-#: ipalib/plugins/dns.py:2364 ipalib/plugins/host.py:397
++#: ipalib/plugins/dns.py:1769 ipalib/plugins/dns.py:1904
++#: ipalib/plugins/dns.py:2365 ipalib/plugins/host.py:399
+ #: ipalib/plugins/permission.py:298 ipalib/plugins/realmdomains.py:97
+ #: ipalib/plugins/service.py:369
+ msgid "Force"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1769
++#: ipalib/plugins/dns.py:1770
+ msgid "Force DNS zone creation even if nameserver is not resolvable."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1772
++#: ipalib/plugins/dns.py:1773
+ msgid "Add forward record for nameserver located in the created zone"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1773 ipalib/plugins/dns.py:1794
++#: ipalib/plugins/dns.py:1774 ipalib/plugins/dns.py:1795
+ msgid "Nameserver IP address"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1800
++#: ipalib/plugins/dns.py:1801
+ msgid "DNS is not configured"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1810
++#: ipalib/plugins/dns.py:1811
+ msgid "Nameserver address is not a domain name"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1823
++#: ipalib/plugins/dns.py:1824
+ msgid "Nameserver for reverse zone cannot be a relative DNS name"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1827
++#: ipalib/plugins/dns.py:1828
+ msgid "Nameserver DNS record is created for for forward zones only"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1831
++#: ipalib/plugins/dns.py:1832
+ msgid "Nameserver DNS record is created only for nameservers in current zone"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1872
++#: ipalib/plugins/dns.py:1873
+ msgid "Delete DNS zone (SOA record)."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1874
++#: ipalib/plugins/dns.py:1875
+ #, python-format
+ msgid "Deleted DNS zone \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1899
++#: ipalib/plugins/dns.py:1900
+ msgid "Modify DNS zone (SOA record)."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1904
++#: ipalib/plugins/dns.py:1905
+ msgid "Force nameserver change even if nameserver not in DNS"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1921
++#: ipalib/plugins/dns.py:1922
+ msgid "Search for DNS zones (SOA records)."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1945
++#: ipalib/plugins/dns.py:1946
+ msgid "Forward zones only"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1947
++#: ipalib/plugins/dns.py:1948
+ msgid "Search for forward zones only"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1967
++#: ipalib/plugins/dns.py:1968
+ msgid "Display information about a DNS zone (SOA record)."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1975
++#: ipalib/plugins/dns.py:1976
+ msgid "Disable DNS Zone."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1978
++#: ipalib/plugins/dns.py:1979
+ #, python-format
+ msgid "Disabled DNS zone \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1996
++#: ipalib/plugins/dns.py:1997
+ msgid "Enable DNS Zone."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:1999
++#: ipalib/plugins/dns.py:2000
+ #, python-format
+ msgid "Enabled DNS zone \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2016
++#: ipalib/plugins/dns.py:2017
+ msgid "Add a permission for per-zone access delegation."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2019
++#: ipalib/plugins/dns.py:2020
+ #, python-format
+ msgid "Added system permission \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2052
++#: ipalib/plugins/dns.py:2053
+ msgid "Remove a permission for per-zone access delegation."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2055
++#: ipalib/plugins/dns.py:2056
+ #, python-format
+ msgid "Removed system permission \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2086
+-msgid "DNS resource record"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:2087
++msgid "DNS resource record"
++msgstr ""
++
++#: ipalib/plugins/dns.py:2088
+ msgid "DNS resource records"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2092
+-msgid "DNS Resource Records"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:2093
++msgid "DNS Resource Records"
++msgstr ""
++
++#: ipalib/plugins/dns.py:2094
+ msgid "DNS Resource Record"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2099 ipalib/plugins/dns.py:2100
++#: ipalib/plugins/dns.py:2100 ipalib/plugins/dns.py:2101
+ msgid "Record name"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2105 ipalib/plugins/dns.py:2106
++#: ipalib/plugins/dns.py:2106 ipalib/plugins/dns.py:2107
+ msgid "Time to live"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2110 ipalib/plugins/host.py:329
++#: ipalib/plugins/dns.py:2111 ipalib/plugins/host.py:331
+ msgid "Class"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2111
++#: ipalib/plugins/dns.py:2112
+ msgid "DNS class"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2117
+-msgid "Structured"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:2118
++msgid "Structured"
++msgstr ""
++
++#: ipalib/plugins/dns.py:2119
+ msgid "Parse all raw DNS records and return them in a structured way"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2149
++#: ipalib/plugins/dns.py:2150
+ #, python-format
+ msgid ""
+ "Reverse zone for PTR record should be a sub-zone of one the following fully "
+ "qualified domains: %s"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2155
++#: ipalib/plugins/dns.py:2156
+ #, python-format
+ msgid ""
+ "Reverse zone %(name)s requires exactly %(count)d IP address components, "
+ "%(user_count)d given"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2327
++#: ipalib/plugins/dns.py:2328
+ msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2333
++#: ipalib/plugins/dns.py:2334
+ msgid ""
+ "CNAME record is not allowed to coexist with any other record (RFC 1034, "
+ "section 3.6.2)"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2345
++#: ipalib/plugins/dns.py:2346
+ msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2350
++#: ipalib/plugins/dns.py:2351
+ msgid ""
+ "DNAME record is not allowed to coexist with an NS record except when located "
+ "in a zone root record (RFC 6672, section 2.3)"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2358
++#: ipalib/plugins/dns.py:2359
+ msgid "Add new DNS resource record."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2366
++#: ipalib/plugins/dns.py:2367
+ msgid "force NS record creation even if its hostname is not in DNS"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2403
+-msgid "Please choose a type of DNS resource record to be added"
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:2404
++msgid "Please choose a type of DNS resource record to be added"
++msgstr ""
++
++#: ipalib/plugins/dns.py:2405
+ #, python-format
+ msgid "The most common types for this type of zone are: %s\n"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2409
++#: ipalib/plugins/dns.py:2410
+ msgid "DNS resource record type"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2425
++#: ipalib/plugins/dns.py:2426
+ #, python-format
+ msgid "Invalid or unsupported type. Allowed values are: %s"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2453
++#: ipalib/plugins/dns.py:2454
+ #, python-format
+ msgid "Raw value of a DNS record was already set by \"%(name)s\" option"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2548
++#: ipalib/plugins/dns.py:2549
+ msgid "Modify a DNS resource record."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2565
++#: ipalib/plugins/dns.py:2566
+ msgid "DNS zone root record cannot be renamed"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2583
++#: ipalib/plugins/dns.py:2584
+ msgid "DNS records can be only updated one at a time"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2663
++#: ipalib/plugins/dns.py:2664
+ msgid "No option to modify specific record provided."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2666 ipalib/plugins/dns.py:2838
++#: ipalib/plugins/dns.py:2667 ipalib/plugins/dns.py:2839
+ msgid "Current DNS record contents:\n"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2688
++#: ipalib/plugins/dns.py:2689
+ #, python-format
+ msgid "Modify %(name)s '%(value)s'?"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2696
++#: ipalib/plugins/dns.py:2697
+ #, python-format
+ msgid ""
+ "%(count)d %(type)s record skipped. Only one value per DNS record type can be "
+@@ -3569,66 +3569,66 @@ msgid_plural ""
+ msgstr[0] ""
+ msgstr[1] ""
+
+-#: ipalib/plugins/dns.py:2708
++#: ipalib/plugins/dns.py:2709
+ #, python-format
+ msgid "Deleted record \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2715
++#: ipalib/plugins/dns.py:2716
+ msgid "Delete DNS resource record."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2719
++#: ipalib/plugins/dns.py:2720
+ msgid ""
+ "Neither --del-all nor options to delete a specific record provided.\n"
+ "Command help may be consulted for all supported record types."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2725
++#: ipalib/plugins/dns.py:2726
+ msgid "Delete all associated records"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2791
++#: ipalib/plugins/dns.py:2792
+ #, python-format
+ msgid "Zone record '%s' cannot be deleted"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2830
+-msgid "No option to delete specific record provided."
+-msgstr ""
+-
+ #: ipalib/plugins/dns.py:2831
++msgid "No option to delete specific record provided."
++msgstr ""
++
++#: ipalib/plugins/dns.py:2832
+ msgid "Delete all?"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2859
++#: ipalib/plugins/dns.py:2860
+ #, python-format
+ msgid "Delete %(name)s '%(value)s'?"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2870
++#: ipalib/plugins/dns.py:2871
+ msgid "Display DNS resource."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2887
++#: ipalib/plugins/dns.py:2888
+ msgid "Search for DNS resources."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2922
++#: ipalib/plugins/dns.py:2923
+ msgid "Resolve a host name in DNS."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2925
++#: ipalib/plugins/dns.py:2926
+ #, python-format
+ msgid "Found '%(value)s'"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2942
++#: ipalib/plugins/dns.py:2943
+ #, python-format
+ msgid "Host '%(host)s' not found"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:2979
++#: ipalib/plugins/dns.py:2980
+ msgid "DNS configuration options"
+ msgstr ""
+
+@@ -3660,19 +3660,15 @@ msgstr ""
+ msgid "Zone refresh interval"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:3012
+-msgid "An interval between regular polls of the name server for new DNS zones"
+-msgstr ""
+-
+-#: ipalib/plugins/dns.py:3027
++#: ipalib/plugins/dns.py:3025
+ msgid "Global DNS configuration is empty"
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:3033
++#: ipalib/plugins/dns.py:3031
+ msgid "Modify global DNS configuration."
+ msgstr ""
+
+-#: ipalib/plugins/dns.py:3044
++#: ipalib/plugins/dns.py:3042
+ msgid "Show the current global DNS configuration."
+ msgstr ""
+
+@@ -4050,7 +4046,7 @@ msgstr ""
+ msgid "Service category the rule applies to"
+ msgstr ""
+
+-#: ipalib/plugins/hbacrule.py:182 ipalib/plugins/internal.py:657
++#: ipalib/plugins/hbacrule.py:182 ipalib/plugins/internal.py:658
+ #: ipalib/plugins/selinuxusermap.py:187 ipalib/plugins/sudorule.py:114
+ msgid "Enabled"
+ msgstr ""
+@@ -4061,7 +4057,7 @@ msgstr ""
+ msgid "Users"
+ msgstr ""
+
+-#: ipalib/plugins/hbacrule.py:194 ipalib/plugins/host.py:254
++#: ipalib/plugins/hbacrule.py:194 ipalib/plugins/host.py:256
+ #: ipalib/plugins/internal.py:490 ipalib/plugins/selinuxusermap.py:199
+ #: ipalib/plugins/sudorule.py:163
+ msgid "Hosts"
+@@ -4680,11 +4676,14 @@ msgid ""
+ " Host Enrollment privilege.\n"
+ "3. The host has been created with a one-time password.\n"
+ "\n"
+-"A host can only be enrolled once. If a client has enrolled and needs to\n"
+-"be re-enrolled, the host entry must be removed and re-created. Note that\n"
+-"re-creating the host entry will result in all services for the host being\n"
+-"removed, and all SSL certificates associated with those services being\n"
+-"revoked.\n"
++"\n"
++"RE-ENROLLMENT:\n"
++"\n"
++"Host that has been enrolled at some point, and lost its configuration (e.g. "
++"VM\n"
++"destroyed) can be re-enrolled.\n"
++"\n"
++"For more information, consult the manual pages for ipa-client-install.\n"
+ "\n"
+ "A host can optionally store information such as where it is located,\n"
+ "the OS that it runs, etc.\n"
+@@ -4717,221 +4716,221 @@ msgid ""
+ " ipa host-add-managedby --hosts=test2 test\n"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:156 ipalib/plugins/service.py:96
++#: ipalib/plugins/host.py:158 ipalib/plugins/service.py:96
+ msgid "Keytab"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:168 ipalib/plugins/internal.py:363
++#: ipalib/plugins/host.py:170 ipalib/plugins/internal.py:363
+ #: ipalib/plugins/service.py:105
+ msgid "Serial Number"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:171 ipalib/plugins/internal.py:364
++#: ipalib/plugins/host.py:173 ipalib/plugins/internal.py:364
+ #: ipalib/plugins/service.py:108
+ msgid "Serial Number (hex)"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:192
++#: ipalib/plugins/host.py:194
+ msgid "Failed managedby"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:195 ipalib/plugins/user.py:92
++#: ipalib/plugins/host.py:197 ipalib/plugins/user.py:92
+ msgid "SSH public key fingerprint"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:221
++#: ipalib/plugins/host.py:223
+ msgid "host"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:222
++#: ipalib/plugins/host.py:224
+ msgid "hosts"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:255 ipalib/plugins/internal.py:488
+-#: ipalib/plugins/internal.py:538
++#: ipalib/plugins/host.py:257 ipalib/plugins/internal.py:488
++#: ipalib/plugins/internal.py:539
+ msgid "Host"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:260
++#: ipalib/plugins/host.py:262
+ msgid "Host name"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:267
++#: ipalib/plugins/host.py:269
+ msgid "A description of this host"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:271
++#: ipalib/plugins/host.py:273
+ msgid "Locality"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:272
++#: ipalib/plugins/host.py:274
+ msgid "Host locality (e.g. \"Baltimore, MD\")"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:277
++#: ipalib/plugins/host.py:279
+ msgid "Host location (e.g. \"Lab 2\")"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:281
++#: ipalib/plugins/host.py:283
+ msgid "Platform"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:282
++#: ipalib/plugins/host.py:284
+ msgid "Host hardware platform (e.g. \"Lenovo T61\")"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:286
++#: ipalib/plugins/host.py:288
+ msgid "Operating system"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:287
++#: ipalib/plugins/host.py:289
+ msgid "Host operating system and version (e.g. \"Fedora 9\")"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:291
++#: ipalib/plugins/host.py:293
+ msgid "User password"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:292
++#: ipalib/plugins/host.py:294
+ msgid "Password used in bulk enrollment"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:295
++#: ipalib/plugins/host.py:297
+ msgid "Generate a random password to be used in bulk enrollment"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:300 ipalib/plugins/user.py:301
++#: ipalib/plugins/host.py:302 ipalib/plugins/user.py:301
+ msgid "Random password"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:306 ipalib/plugins/service.py:329
++#: ipalib/plugins/host.py:308 ipalib/plugins/service.py:329
+ msgid "Base-64 encoded server certificate"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:309 ipalib/plugins/host.py:627
++#: ipalib/plugins/host.py:311 ipalib/plugins/host.py:629
+ msgid "Principal name"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:317
++#: ipalib/plugins/host.py:319
+ msgid "MAC address"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:318
++#: ipalib/plugins/host.py:320
+ msgid "Hardware MAC address(es) on this host"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:322 ipalib/plugins/user.py:363
++#: ipalib/plugins/host.py:324 ipalib/plugins/user.py:363
+ msgid "SSH public key"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:330
++#: ipalib/plugins/host.py:332
+ msgid ""
+ "Host category (semantics placed on this attribute are for local "
+ "interpretation)"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:390
++#: ipalib/plugins/host.py:392
+ msgid "Add a new host."
+ msgstr ""
+
+-#: ipalib/plugins/host.py:393
++#: ipalib/plugins/host.py:395
+ #, python-format
+ msgid "Added host \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/host.py:398
++#: ipalib/plugins/host.py:400
+ msgid "force host name even if not in DNS"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:401
++#: ipalib/plugins/host.py:403
+ msgid "skip reverse DNS detection"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:404
++#: ipalib/plugins/host.py:406
+ msgid "Add the host to DNS with this IP address"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:485
++#: ipalib/plugins/host.py:487
+ #, python-format
+ msgid "The host was added but the DNS update failed with: %(exc)s"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:506
+-msgid "Delete a host."
+-msgstr ""
+-
+ #: ipalib/plugins/host.py:508
++msgid "Delete a host."
++msgstr ""
++
++#: ipalib/plugins/host.py:510
+ #, python-format
+ msgid "Deleted host \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/host.py:513
++#: ipalib/plugins/host.py:515
+ msgid "Remove entries from DNS"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:618
++#: ipalib/plugins/host.py:620
+ msgid "Modify information about a host."
+ msgstr ""
+
+-#: ipalib/plugins/host.py:621
++#: ipalib/plugins/host.py:623
+ #, python-format
+ msgid "Modified host \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/host.py:628
++#: ipalib/plugins/host.py:630
+ msgid "Kerberos principal name for this host"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:632
++#: ipalib/plugins/host.py:634
+ msgid "Update DNS entries"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:645
++#: ipalib/plugins/host.py:647
+ msgid "Password cannot be set on enrolled host."
+ msgstr ""
+
+-#: ipalib/plugins/host.py:649
++#: ipalib/plugins/host.py:651
+ msgid "cn is immutable"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:768
++#: ipalib/plugins/host.py:770
+ msgid "Search for hosts."
+ msgstr ""
+
+-#: ipalib/plugins/host.py:772
++#: ipalib/plugins/host.py:774
+ #, python-format
+ msgid "%(count)d host matched"
+ msgid_plural "%(count)d hosts matched"
+ msgstr[0] ""
+ msgstr[1] ""
+
+-#: ipalib/plugins/host.py:854
++#: ipalib/plugins/host.py:856
+ msgid "Display information about a host."
+ msgstr ""
+
+-#: ipalib/plugins/host.py:859 ipalib/plugins/service.py:560
++#: ipalib/plugins/host.py:861 ipalib/plugins/service.py:560
+ msgid "file to store certificate in"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:891 ipalib/plugins/service.py:580
++#: ipalib/plugins/host.py:893 ipalib/plugins/service.py:580
+ #, python-format
+ msgid "Certificate stored in file '%(file)s'"
+ msgstr ""
+
+-#: ipalib/plugins/host.py:902
++#: ipalib/plugins/host.py:904
+ msgid "Disable the Kerberos key, SSL certificate and all services of a host."
+ msgstr ""
+
+-#: ipalib/plugins/host.py:905
++#: ipalib/plugins/host.py:907
+ #, python-format
+ msgid "Disabled host \"%(value)s\""
+ msgstr ""
+
+-#: ipalib/plugins/host.py:998
++#: ipalib/plugins/host.py:1000
+ msgid "Add hosts that can manage this host."
+ msgstr ""
+
+-#: ipalib/plugins/host.py:1013
++#: ipalib/plugins/host.py:1015
+ msgid "Remove hosts that can manage this host."
+ msgstr ""
+
+@@ -5581,15 +5580,15 @@ msgstr ""
+ msgid "Close"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:194 ipalib/plugins/internal.py:654
++#: ipalib/plugins/internal.py:194 ipalib/plugins/internal.py:655
+ msgid "Disable"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:195
+ msgid "Edit"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:196 ipalib/plugins/internal.py:656
++#: ipalib/plugins/internal.py:196 ipalib/plugins/internal.py:657
+ msgid "Enable"
+ msgstr ""
+
+@@ -5950,7 +5949,7 @@ msgstr ""
+ msgid "CA Compromise"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:320 ipalib/plugins/internal.py:664
++#: ipalib/plugins/internal.py:320 ipalib/plugins/internal.py:665
+ msgid "Certificates"
+ msgstr ""
+
+@@ -6177,8 +6176,8 @@ msgstr ""
+ msgid "Forward only"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:386 ipalib/plugins/internal.py:587
+-#: ipalib/plugins/internal.py:610
++#: ipalib/plugins/internal.py:386 ipalib/plugins/internal.py:588
++#: ipalib/plugins/internal.py:611
+ msgid "Options"
+ msgstr ""
+
+@@ -6271,7 +6270,7 @@ msgid "Group Settings"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:415 ipalib/plugins/internal.py:487
+-#: ipalib/plugins/internal.py:582
++#: ipalib/plugins/internal.py:583
+ msgid "External"
+ msgstr ""
+
+@@ -6296,46 +6295,46 @@ msgid "Group Type"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:423 ipalib/plugins/internal.py:485
+-#: ipalib/plugins/internal.py:536 ipalib/plugins/internal.py:578
++#: ipalib/plugins/internal.py:537 ipalib/plugins/internal.py:579
+ msgid "Any Host"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:424
+ msgid "Any Service"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:425 ipalib/plugins/internal.py:486
+-#: ipalib/plugins/internal.py:537 ipalib/plugins/internal.py:579
++#: ipalib/plugins/internal.py:538 ipalib/plugins/internal.py:580
+ msgid "Anyone"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:426
+ msgid "Accessing"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:427 ipalib/plugins/internal.py:584
++#: ipalib/plugins/internal.py:427 ipalib/plugins/internal.py:585
+ msgid "Rule status"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:428
+ msgid "Via Service"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:429 ipalib/plugins/internal.py:492
+-#: ipalib/plugins/internal.py:539 ipalib/plugins/internal.py:591
++#: ipalib/plugins/internal.py:540 ipalib/plugins/internal.py:592
+ msgid "Specified Hosts and Groups"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:430
+ msgid "Specified Services and Groups"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:431 ipalib/plugins/internal.py:493
+-#: ipalib/plugins/internal.py:540 ipalib/plugins/internal.py:592
++#: ipalib/plugins/internal.py:541 ipalib/plugins/internal.py:593
+ msgid "Specified Users and Groups"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:432 ipalib/plugins/internal.py:593
++#: ipalib/plugins/internal.py:432 ipalib/plugins/internal.py:594
+ msgid "Who"
+ msgstr ""
+
+@@ -6391,11 +6390,11 @@ msgstr ""
+ msgid "Host Certificate"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:455 ipalib/plugins/internal.py:547
++#: ipalib/plugins/internal.py:455 ipalib/plugins/internal.py:548
+ msgid "Host Name"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:456 ipalib/plugins/internal.py:545
++#: ipalib/plugins/internal.py:456 ipalib/plugins/internal.py:546
+ msgid "Delete Key, Unprovision"
+ msgstr ""
+
+@@ -6419,7 +6418,7 @@ msgstr ""
+ msgid "Kerberos Key"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:462 ipalib/plugins/internal.py:548
++#: ipalib/plugins/internal.py:462 ipalib/plugins/internal.py:549
+ msgid "Kerberos Key Not Present"
+ msgstr ""
+
+@@ -6459,15 +6458,15 @@ msgstr ""
+ msgid "Set One-Time-Password"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:473 ipalib/plugins/internal.py:552
++#: ipalib/plugins/internal.py:473 ipalib/plugins/internal.py:553
+ msgid "Unprovision"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:474
+ msgid "Are you sure you want to unprovision this host?"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:475 ipalib/plugins/internal.py:554
++#: ipalib/plugins/internal.py:475 ipalib/plugins/internal.py:555
+ msgid "Unprovisioning ${entity}"
+ msgstr ""
+
+@@ -6488,12 +6487,12 @@ msgstr ""
+ msgid "Netgroup Settings"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:494 ipalib/plugins/internal.py:541
+-#: ipalib/plugins/pwpolicy.py:443 ipalib/plugins/user.py:226
++#: ipalib/plugins/internal.py:494 ipalib/plugins/internal.py:542
++#: ipalib/plugins/pwpolicy.py:444 ipalib/plugins/user.py:226
+ msgid "User"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:499 ipalib/plugins/internal.py:667
++#: ipalib/plugins/internal.py:499 ipalib/plugins/internal.py:668
+ msgid "Identity"
+ msgstr ""
+
+@@ -6542,448 +6541,452 @@ msgid "Active Directory domain with POSIX attributes"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:520
+-msgid "Local domain"
++msgid "Detect"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:521
+-msgid "IPA trust"
++msgid "Local domain"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:522
++msgid "IPA trust"
++msgstr ""
++
++#: ipalib/plugins/internal.py:523
+ msgid "Active Directory winsync"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:525 ipalib/plugins/realmdomains.py:65
++#: ipalib/plugins/internal.py:526 ipalib/plugins/realmdomains.py:65
+ #: ipalib/plugins/realmdomains.py:66
+ msgid "Realm Domains"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:526
+-msgid "Check DNS"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:527
+-msgid "Do you also want to perform DNS check?"
++msgid "Check DNS"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:528
++msgid "Do you also want to perform DNS check?"
++msgstr ""
++
++#: ipalib/plugins/internal.py:529
+ msgid "Force Update"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:531
++#: ipalib/plugins/internal.py:532
+ msgid "Role Settings"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:544
++#: ipalib/plugins/internal.py:545
+ msgid "Service Certificate"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:546
++#: ipalib/plugins/internal.py:547
+ msgid "Service Settings"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:549
++#: ipalib/plugins/internal.py:550
+ msgid "Provisioning"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:553
++#: ipalib/plugins/internal.py:554
+ msgid "Are you sure you want to unprovision this service?"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:555
+-msgid "Service unprovisioned"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:556
++msgid "Service unprovisioned"
++msgstr ""
++
++#: ipalib/plugins/internal.py:557
+ msgid "Kerberos Key Present, Service Provisioned"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:559
+-msgid "SSH public keys"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:560
+-msgid "SSH public key:"
++msgid "SSH public keys"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:561
+-msgid "Set SSH key"
++msgid "SSH public key:"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:562
+-msgid "Show/Set key"
++msgid "Set SSH key"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:563
+-msgid "Modified: key not set"
++msgid "Show/Set key"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:564
+-msgid "Modified"
++msgid "Modified: key not set"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:565
+-msgid "New: key not set"
++msgid "Modified"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:566
++msgid "New: key not set"
++msgstr ""
++
++#: ipalib/plugins/internal.py:567
+ msgid "New: key set"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:569
++#: ipalib/plugins/internal.py:570
+ msgid "Groups"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:572 ipalib/plugins/sudocmdgroup.py:82
++#: ipalib/plugins/internal.py:573 ipalib/plugins/sudocmdgroup.py:82
+ msgid "Commands"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:575
+-msgid "Allow"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:576
+-msgid "Any Command"
++msgid "Allow"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:577
++msgid "Any Command"
++msgstr ""
++
++#: ipalib/plugins/internal.py:578
+ msgid "Any Group"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:580
+-msgid "Run Commands"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:581
++msgid "Run Commands"
++msgstr ""
++
++#: ipalib/plugins/internal.py:582
+ msgid "Deny"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:583
++#: ipalib/plugins/internal.py:584
+ msgid "Access this host"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:585
+-msgid "Option added"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:586
++msgid "Option added"
++msgstr ""
++
++#: ipalib/plugins/internal.py:587
+ msgid "${count} option(s) removed"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:588
+-msgid "As Whom"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:589
+-msgid "Specified Commands and Groups"
++msgid "As Whom"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:590
++msgid "Specified Commands and Groups"
++msgstr ""
++
++#: ipalib/plugins/internal.py:591
+ msgid "Specified Groups"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:596
+-msgid "Account"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:597
+-msgid "Administrative account"
++msgid "Account"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:598
+-msgid "SID blacklists"
++msgid "Administrative account"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:599
++msgid "SID blacklists"
++msgstr ""
++
++#: ipalib/plugins/internal.py:600
+ msgid "Trust Settings"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:600 ipalib/plugins/realmdomains.py:73
++#: ipalib/plugins/internal.py:601 ipalib/plugins/realmdomains.py:73
+ #: ipalib/plugins/trust.py:789
+ msgid "Domain"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:601
++#: ipalib/plugins/internal.py:602
+ msgid "Establish using"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:602 ipalib/plugins/trust.py:211
++#: ipalib/plugins/internal.py:603 ipalib/plugins/trust.py:211
+ msgid "Domain NetBIOS name"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:603 ipalib/plugins/trust.py:215
++#: ipalib/plugins/internal.py:604 ipalib/plugins/trust.py:215
+ msgid "Domain Security Identifier"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:604
++#: ipalib/plugins/internal.py:605
+ msgid "Pre-shared password"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:605 ipalib/plugins/trust.py:134
++#: ipalib/plugins/internal.py:606 ipalib/plugins/trust.py:134
+ msgid "Trust direction"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:606 ipalib/plugins/trust.py:138
++#: ipalib/plugins/internal.py:607 ipalib/plugins/trust.py:138
+ msgid "Trust status"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:607 ipalib/plugins/trust.py:136
++#: ipalib/plugins/internal.py:608 ipalib/plugins/trust.py:136
+ msgid "Trust type"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:613
+-msgid "Account Settings"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:614
+-msgid "Account Status"
++msgid "Account Settings"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:615
+-msgid "Contact Settings"
++msgid "Account Status"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:616
+-msgid "Employee Information"
++msgid "Contact Settings"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:617
+-msgid "Error changing account status"
++msgid "Employee Information"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:618
+-msgid "Password expiration"
++msgid "Error changing account status"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:619
+-msgid "Mailing Address"
++msgid "Password expiration"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:620
+-msgid "Misc. Information"
++msgid "Mailing Address"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:621
++msgid "Misc. Information"
++msgstr ""
++
++#: ipalib/plugins/internal.py:622
+ msgid ""
+ "Are you sure you want to ${action} the user?<br/>The change will take effect "
+ "immediately."
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:622
++#: ipalib/plugins/internal.py:623
+ msgid "Click to ${action}"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:626 ipalib/plugins/passwd.py:80
++#: ipalib/plugins/internal.py:627 ipalib/plugins/passwd.py:80
+ msgid "Current Password"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:627
+-msgid "Current password is required"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:628
+-msgid "Your password expires in ${days} days."
++msgid "Current password is required"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:629
++msgid "Your password expires in ${days} days."
++msgstr ""
++
++#: ipalib/plugins/internal.py:630
+ msgid "The password or username you entered is incorrect."
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:630 ipalib/plugins/passwd.py:77
++#: ipalib/plugins/internal.py:631 ipalib/plugins/passwd.py:77
+ msgid "New Password"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:631
++#: ipalib/plugins/internal.py:632
+ msgid "New password is required"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:633
+-msgid "Password change complete"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:634
+-msgid "Passwords must match"
++msgid "Password change complete"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:635
+-msgid "Password reset was not successful."
++msgid "Passwords must match"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:636
+-msgid "Reset Password"
++msgid "Password reset was not successful."
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:637
+-msgid "Reset your password."
++msgid "Reset Password"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:638
++msgid "Reset your password."
++msgstr ""
++
++#: ipalib/plugins/internal.py:639
+ msgid "Verify Password"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:641
+-msgid "Are you sure you want to delete selected entries?"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:642
+-msgid "${count} item(s) deleted"
++msgid "Are you sure you want to delete selected entries?"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:643
+-msgid "Are you sure you want to disable selected entries?"
++msgid "${count} item(s) deleted"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:644
+-msgid "${count} item(s) disabled"
++msgid "Are you sure you want to disable selected entries?"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:645
+-msgid "Are you sure you want to enable selected entries?"
++msgid "${count} item(s) disabled"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:646
+-msgid "${count} item(s) enabled"
++msgid "Are you sure you want to enable selected entries?"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:647
+-msgid "Some entries were not deleted"
++msgid "${count} item(s) enabled"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:648
+-msgid "Quick Links"
++msgid "Some entries were not deleted"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:649
+-msgid "Select All"
++msgid "Quick Links"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:650
++msgid "Select All"
++msgstr ""
++
++#: ipalib/plugins/internal.py:651
+ msgid ""
+ "Query returned more results than the configured size limit. Displaying the "
+ "first ${counter} results."
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:651
++#: ipalib/plugins/internal.py:652
+ msgid "Unselect All"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:655
++#: ipalib/plugins/internal.py:656
+ msgid "Disabled"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:661
+-msgid "Audit"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:662
+-msgid "Automember"
++msgid "Audit"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:663
++msgid "Automember"
++msgstr ""
++
++#: ipalib/plugins/internal.py:664
+ msgid "Automount"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:665
+-msgid "DNS"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:666
++msgid "DNS"
++msgstr ""
++
++#: ipalib/plugins/internal.py:667
+ msgid "Host Based Access Control"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:668
+-msgid "IPA Server"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:669
+-msgid "Policy"
++msgid "IPA Server"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:670
+-msgid "Role Based Access Control"
++msgid "Policy"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:671
++msgid "Role Based Access Control"
++msgstr ""
++
++#: ipalib/plugins/internal.py:672
+ msgid "Sudo"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:672 ipalib/plugins/trust.py:200
++#: ipalib/plugins/internal.py:673 ipalib/plugins/trust.py:200
+ msgid "Trusts"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:674
++#: ipalib/plugins/internal.py:675
+ msgid "True"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:676
+-msgid "Next"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:677
+-msgid "Page"
++msgid "Next"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:678
+-msgid "Prev"
++msgid "Page"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:679
+-msgid "undo"
++msgid "Prev"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:680
++msgid "undo"
++msgstr ""
++
++#: ipalib/plugins/internal.py:681
+ msgid "undo all"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:682
+-msgid "Text does not match field pattern"
+-msgstr ""
+-
+ #: ipalib/plugins/internal.py:683
+-msgid "Must be a decimal number"
++msgid "Text does not match field pattern"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:684
+-msgid "Must be an integer"
++msgid "Must be a decimal number"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:685
+-msgid "Not a valid IP address"
++msgid "Must be an integer"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:686
+-msgid "Not a valid IPv4 address"
++msgid "Not a valid IP address"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:687
+-msgid "Not a valid IPv6 address"
++msgid "Not a valid IPv4 address"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:688
+-msgid "Maximum value is ${value}"
++msgid "Not a valid IPv6 address"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:689
+-msgid "Minimum value is ${value}"
++msgid "Maximum value is ${value}"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:690
+-msgid "Not a valid network address"
++msgid "Minimum value is ${value}"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:691
+-msgid "'${port}' is not a valid port"
++msgid "Not a valid network address"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:692
+-msgid "Required field"
++msgid "'${port}' is not a valid port"
+ msgstr ""
+
+ #: ipalib/plugins/internal.py:693
++msgid "Required field"
++msgstr ""
++
++#: ipalib/plugins/internal.py:694
+ msgid "Unsupported value"
+ msgstr ""
+
+-#: ipalib/plugins/internal.py:698
++#: ipalib/plugins/internal.py:699
+ msgid "Dict of I18N messages"
+ msgstr ""
+
+@@ -8034,75 +8037,75 @@ msgstr ""
+ msgid "Maximum password lifetime (in days)"
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:241
+-msgid "Min lifetime (hours)"
+-msgstr ""
+-
+ #: ipalib/plugins/pwpolicy.py:242
++msgid "Min lifetime (hours)"
++msgstr ""
++
++#: ipalib/plugins/pwpolicy.py:243
+ msgid "Minimum password lifetime (in hours)"
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:247
+-msgid "History size"
+-msgstr ""
+-
+ #: ipalib/plugins/pwpolicy.py:248
++msgid "History size"
++msgstr ""
++
++#: ipalib/plugins/pwpolicy.py:249
+ msgid "Password history size"
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:253
+-msgid "Character classes"
+-msgstr ""
+-
+ #: ipalib/plugins/pwpolicy.py:254
++msgid "Character classes"
++msgstr ""
++
++#: ipalib/plugins/pwpolicy.py:255
+ msgid "Minimum number of character classes"
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:260
+-msgid "Min length"
+-msgstr ""
+-
+ #: ipalib/plugins/pwpolicy.py:261
++msgid "Min length"
++msgstr ""
++
++#: ipalib/plugins/pwpolicy.py:262
+ msgid "Minimum length of password"
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:267
++#: ipalib/plugins/pwpolicy.py:268
+ msgid "Priority of the policy (higher number means lower priority"
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:321
++#: ipalib/plugins/pwpolicy.py:322
+ msgid "Maximum password life must be greater than minimum."
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:340
++#: ipalib/plugins/pwpolicy.py:341
+ msgid "Add a new group password policy."
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:367
++#: ipalib/plugins/pwpolicy.py:368
+ msgid "Delete a group password policy."
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:379
++#: ipalib/plugins/pwpolicy.py:380
+ msgid "cannot delete global password policy"
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:395
++#: ipalib/plugins/pwpolicy.py:396
+ msgid "Modify a group password policy."
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:406
++#: ipalib/plugins/pwpolicy.py:407
+ msgid "priority cannot be set on global policy"
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:439
++#: ipalib/plugins/pwpolicy.py:440
+ msgid "Display information about password policy."
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:444
++#: ipalib/plugins/pwpolicy.py:445
+ msgid "Display effective policy for a specific user"
+ msgstr ""
+
+-#: ipalib/plugins/pwpolicy.py:469
++#: ipalib/plugins/pwpolicy.py:470
+ msgid "Search for group password policies."
+ msgstr ""
+
+@@ -9693,6 +9696,26 @@ msgstr ""
+ msgid "Determine whether ipa-adtrust-install has been run on this system"
+ msgstr ""
+
++#: ipalib/plugins/trust.py:998
++msgid ""
++"Determine whether Schema Compatibility plugin is configured to serve trusted "
++"domain users and groups"
++msgstr ""
++
++#: ipalib/plugins/trust.py:1051
++msgid "Determine whether ipa-adtrust-install has been run with sidgen task"
++msgstr ""
++
++#: ipalib/plugins/trust.py:1067
++msgid "sidgen_was_run"
++msgstr ""
++
++#: ipalib/plugins/trust.py:1069
++msgid ""
++"This command relies on the existence of the \"editors\" group, but this "
++"group was not found."
++msgstr ""
++
+ #: ipalib/plugins/user.py:41
+ msgid ""
+ "\n"
+@@ -10195,109 +10218,109 @@ msgid ""
+ " message \"%(message)s\" (both may be \"None\")"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:182
++#: ipaserver/dcerpc.py:194
+ msgid ""
+ "communication with trusted domains is allowed for Trusts administrator group "
+ "members only"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:202
++#: ipaserver/dcerpc.py:214
+ msgid "no trusted domain is configured"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:209
++#: ipaserver/dcerpc.py:221
+ msgid "domain is not configured"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:216
++#: ipaserver/dcerpc.py:228
+ msgid "SID is not valid"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:231
++#: ipaserver/dcerpc.py:243
+ msgid "SID does not match exactlywith any trusted domain's SID"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:242
++#: ipaserver/dcerpc.py:254
+ msgid "SID does not match any trusted domain"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:282 ipaserver/dcerpc.py:288 ipaserver/dcerpc.py:550
++#: ipaserver/dcerpc.py:294 ipaserver/dcerpc.py:300 ipaserver/dcerpc.py:562
+ msgid "Trust setup"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:283
++#: ipaserver/dcerpc.py:295
+ msgid "Our domain is not configured"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:289
++#: ipaserver/dcerpc.py:301
+ msgid "No trusted domain is not configured"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:294 ipaserver/dcerpc.py:309 ipaserver/dcerpc.py:326
+-#: ipaserver/dcerpc.py:338 ipaserver/dcerpc.py:345 ipaserver/dcerpc.py:390
++#: ipaserver/dcerpc.py:306 ipaserver/dcerpc.py:321 ipaserver/dcerpc.py:338
++#: ipaserver/dcerpc.py:350 ipaserver/dcerpc.py:357 ipaserver/dcerpc.py:402
+ msgid "trusted domain object"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:295
++#: ipaserver/dcerpc.py:307
+ msgid "domain is not trusted"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:310
++#: ipaserver/dcerpc.py:322
+ msgid "no trusted domain matched the specified flat name"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:312
++#: ipaserver/dcerpc.py:324
+ msgid "trusted domain object not found"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:327 ipaserver/dcerpc.py:391
++#: ipaserver/dcerpc.py:339 ipaserver/dcerpc.py:403
+ msgid "Ambiguous search, user domain was not specified"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:339
++#: ipaserver/dcerpc.py:351
+ msgid "Trusted domain did not return a unique object"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:346
++#: ipaserver/dcerpc.py:358
+ msgid "Trusted domain did not return a valid SID for the object"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:376 ipaserver/dcerpc.py:386
++#: ipaserver/dcerpc.py:388 ipaserver/dcerpc.py:398
+ msgid "trusted domain user not found"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:486
++#: ipaserver/dcerpc.py:498
+ #, python-format
+ msgid ""
+ "KDC for %(domain)s denied trust account for IPA domain with a message "
+ "'%(message)s'"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:551
++#: ipaserver/dcerpc.py:563
+ msgid "Cannot retrieve trusted domain GC list"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:692
++#: ipaserver/dcerpc.py:704
+ msgid "CIFS credentials object"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:725
++#: ipaserver/dcerpc.py:737
+ #, python-format
+ msgid "CIFS server %(host)s denied your credentials"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:729
++#: ipaserver/dcerpc.py:741
+ #, python-format
+ msgid "Cannot establish LSA connection to %(host)s. Is CIFS server running?"
+ msgstr ""
+
+-#: ipaserver/dcerpc.py:881
++#: ipaserver/dcerpc.py:899
+ #, python-format
+ msgid ""
+ "the IPA server and the remote domain cannot share the same NetBIOS name: %s"
+ msgstr ""
+
+-#: ipaserver/install/certs.py:676
++#: ipaserver/install/certs.py:639
+ #, python-format
+ msgid "Unable to communicate with CMS (%s)"
+ msgstr ""
+diff --git a/install/po/ja.po b/install/po/ja.po
+index 994846d9dddde1409d66d1667bb1c2abe762b481..81e940a7bb2e9ae3e82ed9f0d41025cf1407c5ca 100644
+--- a/install/po/ja.po
++++ b/install/po/ja.po
+@@ -8,16 +8,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Japanese <trans-ja at lists.fedoraproject.org>\n"
+-"Language: ja\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: ja\n"
+ "Plural-Forms: nplurals=1; plural=0;\n"
+
+ #, python-format
+diff --git a/install/po/kn.po b/install/po/kn.po
+index ffbae460dd0f2ebee6cc7c6ad9b7f5ccb3af4eeb..d058f978cdc887e7e67fa5f0a4ee9e698065e294 100644
+--- a/install/po/kn.po
++++ b/install/po/kn.po
+@@ -8,17 +8,17 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Kannada (http://www.transifex.com/projects/p/fedora/language/"
+ "kn/)\n"
+-"Language: kn\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: kn\n"
+ "Plural-Forms: nplurals=1; plural=0;\n"
+
+ #, python-format
+diff --git a/install/po/nl.po b/install/po/nl.po
+index 39ddf34ad8a75e182d2c8ef3607aa75aef64e79b..b12eb41e6d0bab0dd1696098703774be9bf29c55 100644
+--- a/install/po/nl.po
++++ b/install/po/nl.po
+@@ -7,17 +7,17 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Dutch (http://www.transifex.com/projects/p/fedora/language/"
+ "nl/)\n"
+-"Language: nl\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: nl\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+ #, c-format
+diff --git a/install/po/pl.po b/install/po/pl.po
+index e78992d67060f607a6d7b308c68aceb27cc33511..0068a4c57df2df71a2f4141caafa1556686fe0e2 100644
+--- a/install/po/pl.po
++++ b/install/po/pl.po
+@@ -9,16 +9,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Polish <trans-pl at lists.fedoraproject.org>\n"
+-"Language: pl\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: pl\n"
+ "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
+ "|| n%100>=20) ? 1 : 2);\n"
+
+diff --git a/install/po/ru.po b/install/po/ru.po
+index fbf0d084cce98ac822f3f6553fe4b833c79cb550..d1fad20f8bb9f2fa09ccc7b4d0de2d18541f7081 100644
+--- a/install/po/ru.po
++++ b/install/po/ru.po
+@@ -10,16 +10,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Russian <trans-ru at lists.fedoraproject.org>\n"
+-"Language: ru\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: ru\n"
+ "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+ "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+diff --git a/install/po/tg.po b/install/po/tg.po
+index f777e5c2c5cdf2fd741426119a53bee9cded84c6..43697088fe91588851ba38c9c17a16d18a52633c 100644
+--- a/install/po/tg.po
++++ b/install/po/tg.po
+@@ -7,17 +7,17 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Tajik (http://www.transifex.com/projects/p/fedora/language/"
+ "tg/)\n"
+-"Language: tg\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: tg\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+ #, c-format
+diff --git a/install/po/uk.po b/install/po/uk.po
+index ce3fad840852f0e73abcdbf6c3b2ebfb9daeb9be..8489e42ebf1645bf1d0bc27e31a57ff49957cfc1 100644
+--- a/install/po/uk.po
++++ b/install/po/uk.po
+@@ -8,16 +8,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 16:10+0000\n"
+ "Last-Translator: Yuri Chornoivan <yurchor at ukr.net>\n"
+ "Language-Team: Ukrainian <trans-uk at lists.fedoraproject.org>\n"
+-"Language: uk\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: uk\n"
+ "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+ "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+diff --git a/install/po/zh_CN.po b/install/po/zh_CN.po
+index cbf5e4dcfe7ae279fb000530df79895dcc2653f0..4a0aacdad8527f7a40a014094e253863cd07dbc9 100644
+--- a/install/po/zh_CN.po
++++ b/install/po/zh_CN.po
+@@ -8,16 +8,16 @@
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: FreeIPA\n"
+-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
+-"newticket\n"
++"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
++"product=freeIPA\n"
+ "POT-Creation-Date: 2013-08-01 16:02+0200\n"
+ "PO-Revision-Date: 2013-08-01 14:06+0000\n"
+ "Last-Translator: Petr Viktorin <encukou at gmail.com>\n"
+ "Language-Team: Chinese (China) <trans-zh_cn at lists.fedoraproject.org>\n"
+-"Language: zh_CN\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"Language: zh_CN\n"
+ "Plural-Forms: nplurals=1; plural=0;\n"
+
+ #, python-format
+--
+1.8.3.1
+
diff --git a/freeipa.spec b/freeipa.spec
index c3cf0ab..9dae8f6 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -17,6 +17,8 @@ URL: http://www.freeipa.org/
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch1: 0001-Update-translations.patch
+
%if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.3.1.3
BuildRequires: svrcore-devel
More information about the scm-commits
mailing list