openstack-manuals/doc/common/tables/keystone-identity.xml
Atsushi SAKAI 065905d3a0 Update Config reference for keystone
flagmappings are only one line add/delete
but it has huge difference after docbook.

Change-Id: I77cda2ff0aae7bd86dc6a140339fffd9f9d9ad1e
Partial-Bug: #1407581
2015-09-03 15:57:43 +09:00

59 lines
3.6 KiB
XML

<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in openstack-doc-tools repository. -->
<table rules="all" xml:id="config_table_keystone_identity">
<caption>Description of identity configuration options</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[identity]</th>
</tr>
<tr>
<td><option>cache_time</option> = <replaceable>600</replaceable></td>
<td>(IntOpt) Time to cache identity data (in seconds). This has no effect unless global and identity caching are enabled.</td>
</tr>
<tr>
<td><option>caching</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) Toggle for identity caching. This has no effect unless global caching is enabled.</td>
</tr>
<tr>
<td><option>default_domain_id</option> = <replaceable>default</replaceable></td>
<td>(StrOpt) This references the domain to use for all Identity API v2 requests (which are not aware of domains). A domain with this ID will be created for you by keystone-manage db_sync in migration 008. The domain referenced by this ID cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API. There is nothing special about this domain, other than the fact that it must exist to order to maintain support for your v2 clients.</td>
</tr>
<tr>
<td><option>domain_config_dir</option> = <replaceable>/etc/keystone/domains</replaceable></td>
<td>(StrOpt) Path for Keystone to locate the domain specific identity configuration files if domain_specific_drivers_enabled is set to true.</td>
</tr>
<tr>
<td><option>domain_configurations_from_database</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) Extract the domain specific configuration options from the resource backend where they have been stored with the domain data. This feature is disabled by default (in which case the domain specific options will be loaded from files in the domain configuration directory); set to true to enable.</td>
</tr>
<tr>
<td><option>domain_specific_drivers_enabled</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) A subset (or all) of domains can have their own identity driver, each with their own partial configuration options, stored in either the resource backend or in a file in a domain configuration directory (depending on the setting of domain_configurations_from_database). Only values specific to the domain need to be specified in this manner. This feature is disabled by default; set to true to enable.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the identity backend driver in the keystone.identity namespace. Supplied drivers are ldap and sql.</td>
</tr>
<tr>
<td><option>list_limit</option> = <replaceable>None</replaceable></td>
<td>(IntOpt) Maximum number of entities that will be returned in an identity collection.</td>
</tr>
<tr>
<td><option>max_password_length</option> = <replaceable>4096</replaceable></td>
<td>(IntOpt) Maximum supported length for user passwords; decrease to improve performance.</td>
</tr>
</tbody>
</table>
</para>