diff --git a/doc/common/tables/ldap-keystone-conf.xml b/doc/common/tables/ldap-keystone-conf.xml deleted file mode 100644 index 11ee9b068e..0000000000 --- a/doc/common/tables/ldap-keystone-conf.xml +++ /dev/null @@ -1,265 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Description of keystone.conf file configuration options - for LDAP
Configuration option = Default value(Type) Description
url = ldap://localhostThe location for the ldap server.
- user = dc=Manager,dc=example,dc=com(StrOpt) User for the LDAP server to use as default.
password = None(StrOpt) Password for LDAP server to connect to.
- suffix = cn=example,cn=com(StrOpt) Default suffix for your LDAP server.
use_dumb_member = False(Bool) Indicates whether dumb_member settings are in use.
allow_subtree_delete = False - (Bool) Determine whether to delete LDAP subtrees.
dumb_member = cn=dumb,dc=example,dc=com - Mockup member as placeholder, for testing purposes.
query_scope = one - The LDAP scope for queries, this can be either 'one' (onelevel/singleLevel) or 'sub' (subtree/wholeSubtree)
user_tree_dn = ou=Users,dc=example,dc=com -
user_filter = -
user_objectclass = inetOrgPerson -
user_id_attribute = cn -
user_name_attribute = sn -
user_mail_attribute = email -
user_pass_attribute = userPassword -
user_enabled_attribute = enabled - Example, userAccountControl. Combines with user_enabled_mask and user_enabled_default settings below to extract the value from an integer - attribute like in Active Directory.
user_enabled_mask = 0 -
user_enabled_default = True -
user_attribute_ignore = tenant_id,tenants -
user_allow_create = True - If the users are managed by another tool and you have only read access, you would set this to False.
user_allow_update = True -
user_allow_delete = True -
tenant_tree_dn = ou=Groups,dc=example,dc=com -
tenant_filter = - If the backend is providing too much output, you can set a filter to blank so tenants are not passed through.
tenant_objectclass = groupOfNames -
tenant_id_attribute = cn -
tenant_member_attribute = member -
tenant_name_attribute = ou -
tenant_desc_attribute = desc -
tenant_enabled_attribute = enabled -
tenant_attribute_ignore = -
tenant_allow_create = True -
tenant_allow_update = True -
tenant_allow_delete = True -
role_tree_dn = ou=Roles,dc=example,dc=com -
role_filter = -
role_objectclass = organizationalRole -
role_id_attribute = cn -
role_name_attribute = ou -
role_member_attribute = roleOccupant -
role_attribute_ignore = -
role_allow_create = True -
role_allow_update = True -
role_allow_delete = True -
group_tree_dn = -
group_filter = -
group_objectclass = groupOfNames -
group_id_attribute = cn -
group_name_attribute = ou -
group_member_attribute = member -
group_desc_attribute = desc -
group_attribute_ignore = -
group_allow_create = True -
group_allow_update = True -
group_allow_delete = True -
- -