openstack/openstack-manuals
Code Issues Proposed changes
66692c71a5
openstack-manuals/doc/common/tables/keystone-mapping.xml
Gauvain Pocentek e7cbc675ce update the config reference tables for liberty 
Change-Id: I959cc6884633ada1deb55f44ca1fc6f230bdebd9
2015-10-29 07:45:04 +01:00

53 lines
2.9 KiB
XML
Raw Blame History

<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<!--
###################################################################
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
###################################################################
Warning: Do not edit this file. It is automatically
generated from the software project's code and your changes
will be overwritten.
The tool to generate this file lives in openstack-doc-tools
repository.
Please make any changes needed in the code, then run the
autogenerate-config-doc tool from the openstack-doc-tools
repository, or ask for help on the documentation mailing list,
IRC channel or meeting.
###################################################################
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
###################################################################
-->
<table rules="all" xml:id="config_table_keystone_mapping">
<caption>Description of mapping configuration options</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[identity_mapping]</th>
</tr>
<tr>
<td><option>backward_compatible_ids</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) The format of user and group IDs changed in Juno for backends that do not generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the underlying attribute in LDAP. By default this mapping is disabled, which ensures that existing IDs will not change. Even when the mapping is enabled by using domain specific drivers, any users and groups from the default domain being handled by LDAP will still not be mapped to ensure their IDs remain backward compatible. Setting this value to False will enable the mapping for even the default LDAP driver. It is only safe to do this if you do not already have assignments for users and groups from the default LDAP domain, and it is acceptable for Keystone to provide the different IDs to clients than it did previously. Typically this means that the only time you can set this value to False is when configuring a fresh installation.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the identity mapping backend driver in the keystone.identity.id_mapping namespace.</td>
</tr>
<tr>
<td><option>generator</option> = <replaceable>sha256</replaceable></td>
<td>(StrOpt) Entrypoint for the public ID generator for user and group entities in the keystone.identity.id_generator namespace. The Keystone identity mapper only supports generators that produce no more than 64 characters.</td>
</tr>
</tbody>
</table>
</para>
View Git Blame Copy Permalink