Merge "Add keystone domain-specific configuration file options"
commit
0be7a36f05
@ -44,26 +44,51 @@
|
|||||||
<section xml:id="section_keystone-domain-configs">
|
<section xml:id="section_keystone-domain-configs">
|
||||||
<title>Domain-specific configuration</title>
|
<title>Domain-specific configuration</title>
|
||||||
<para>Identity enables you to configure domain-specific
|
<para>Identity enables you to configure domain-specific
|
||||||
authentication drivers. For example, you can configure a
|
authentication drivers which allows a domain to have its
|
||||||
domain to have its own LDAP or SQL server.</para>
|
own LDAP or SQL server.</para>
|
||||||
|
<section xml:id="section_keystone-domain-configs-enable">
|
||||||
|
<title>Enable domain-specific drivers</title>
|
||||||
<para>By default, the option to configure domain-specific
|
<para>By default, the option to configure domain-specific
|
||||||
drivers is disabled.</para>
|
drivers is disabled. To enable domain-specific drivers,
|
||||||
<para>To enable domain-specific drivers, set these options in
|
set these options in the <filename>keystone.conf</filename>
|
||||||
<literal>[identity]</literal> section in the
|
file:</para>
|
||||||
<filename>keystone.conf</filename> file:</para>
|
|
||||||
<programlisting language="ini">[identity]
|
<programlisting language="ini">[identity]
|
||||||
domain_specific_drivers_enabled = True
|
domain_specific_drivers_enabled = True
|
||||||
domain_config_dir = /etc/keystone/domains</programlisting>
|
domain_config_dir = /etc/keystone/domains</programlisting>
|
||||||
<para>When you enable domain-specific drivers, Identity looks
|
<para>When you enable domain-specific drivers, Identity looks
|
||||||
in the <option>domain_config_dir</option> directory for
|
in the <option>domain_config_dir</option> directory for
|
||||||
configuration files that are named as follows:
|
configuration files that are named as
|
||||||
<filename>keystone.<replaceable>DOMAIN_NAME</replaceable>.conf</filename>,
|
<filename>keystone.<replaceable>DOMAIN_NAME</replaceable>.conf</filename>.
|
||||||
where <replaceable>DOMAIN_NAME</replaceable> is the domain
|
Any domain without a domain-specific configuration
|
||||||
name.</para>
|
file uses options in the primary configuration file.</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="section_keystone-domain-config-options">
|
||||||
|
<title>Domain-specific configuration file options</title>
|
||||||
<para>Any options that you define in the domain-specific
|
<para>Any options that you define in the domain-specific
|
||||||
configuration file override options in the primary
|
configuration file override options in the primary
|
||||||
configuration file for the specified domain. Any domain
|
configuration file for the specified domain.</para>
|
||||||
without a domain-specific configuration file uses only the
|
<para>Domains configured for the service user or project
|
||||||
options in the primary configuration file.</para>
|
use the Identity API v3 to retrieve the service token.</para>
|
||||||
|
<para>To configure the domain for the service user, set the
|
||||||
|
following options in the [DEFAULT] section of the
|
||||||
|
<filename>/etc/keystone/domains/keystone.<replaceable>DOMAIN_NAME</replaceable>.conf</filename>
|
||||||
|
file:</para>
|
||||||
|
<programlisting>admin_user_domain_id = <replaceable>USER_DOMAIN_ID</replaceable>
|
||||||
|
admin_user_domain_name = <replaceable>USER_DOMAIN_NAME</replaceable></programlisting>
|
||||||
|
<para>Replace <replaceable>USER_DOMAIN_ID</replaceable> with
|
||||||
|
the Identity service account user domain ID, and
|
||||||
|
<replaceable>USER_DOMAIN_NAME</replaceable> with the Identity
|
||||||
|
service account user domain name.</para>
|
||||||
|
<para>To configure the domain for the project, set the
|
||||||
|
following options in the [DEFAULT] section of the
|
||||||
|
<filename>/etc/keystone/domains/keystone.<replaceable>DOMAIN_NAME</replaceable>.conf</filename>
|
||||||
|
file:</para>
|
||||||
|
<programlisting>admin_project_domain_id = <replaceable>PROJECT_DOMAIN_ID</replaceable>
|
||||||
|
admin_project_domain_name = <replaceable>PROJECT_DOMAIN_NAME</replaceable></programlisting>
|
||||||
|
<para>Replace <replaceable>PROJECT_DOMAIN_ID</replaceable> with
|
||||||
|
the Identity service account project domain ID, and
|
||||||
|
<replaceable>PROJECT_DOMAIN_NAME</replaceable> with the
|
||||||
|
Identity service account project domain name.</para>
|
||||||
|
</section>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
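Review bot: In the new "Domain-specific configuration file options" section, both added listings set the ID and the name form together (admin_user_domain_id with admin_user_domain_name, admin_project_domain_id with admin_project_domain_name), but the paragraphs around them do not say whether both are required or one is enough, nor how DOMAIN_NAME in the file name relates to USER_DOMAIN_NAME and PROJECT_DOMAIN_NAME. Suggest stating that explicitly, because a reader who fills in an ID and a name that do not match cannot tell from this text which one takes effect. Two smaller points: the new listings drop the language="ini" attribute that the existing [identity] listing carries and leave [DEFAULT] unmarked where the removed text used <literal>[identity]</literal>; and the reworded opening sentence reads "authentication drivers which allows a domain", where the verb should agree with "drivers" ("that allow").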