openstack-manuals/doc/common/tables/ldap-keystone-conf.xml

<?xml version= "1.0" encoding= "UTF-8"?>
<para xmlns= "http://docbook.org/ns/docbook" version= "5.0">
    <table rules= "all" width= "100%">
        <caption>Description of keystone.conf file configuration options
            for LDAP</caption>
        <col width="50%"/>
        <col width="50%"/>
        <thead>
            <tr>
                <td>Configuration option=Default value</td>
                <td>(Type) Description</td>
            </tr>
        </thead>
        <tbody>
            <tr>
                <td>url=ldap://localhost</td>
                <td>The location for the ldap server.</td>
            </tr>
            <tr>
                <td>
                    user = dc=Manager,dc=example,dc=com</td>
                <td>(StrOpt) User for the LDAP server to use as default.</td>
            </tr>
            <tr>
                <td>password = None</td>
                <td>(StrOpt) Password for LDAP server to connect to.</td>
            </tr>
            <tr>
                <td>
                    suffix = cn=example,cn=com</td>
                <td>(StrOpt) Default suffix for your LDAP server.</td>
            </tr>
            <tr><td>use_dumb_member = False</td>
            <td>(Bool) Indicates whether dumb_member settings are in use.</td></tr>
            <tr>
                <td>allow_subtree_delete = False
                     </td>
                <td>(Bool) Determine whether to delete LDAP subtrees.</td>
            </tr>
            <tr>
                <td>dumb_member = cn=dumb,dc=example,dc=com
                </td>
                <td>Mockup member as placeholder, for testing purposes.</td>
            </tr><tr>
                <td>query_scope = one
                </td>
                <td>The LDAP scope for queries, this can be either 'one' (onelevel/singleLevel) or 'sub' (subtree/wholeSubtree)</td>
            </tr><tr>
                <td>user_tree_dn = ou=Users,dc=example,dc=com
                </td>
                <td></td>
            </tr><tr>
                <td>user_filter =
                </td>
                <td></td>
            </tr><tr>
                <td>user_objectclass = inetOrgPerson
                </td>
                <td></td>
            </tr><tr>
                <td>user_id_attribute = cn
                </td>
                <td></td>
            </tr><tr>
                <td>user_name_attribute = sn
                </td>
                <td></td>
            </tr><tr>
                <td>user_mail_attribute = email
                </td>
                <td></td>
            </tr><tr>
                <td>user_pass_attribute = userPassword
                </td>
                <td></td>
            </tr><tr>
                <td>user_enabled_attribute = enabled
                </td>
                <td>Example, userAccountControl. Combines with user_enabled_mask and user_enabled_default settings below to extract the value from an integer
                    attribute like in Active Directory.</td>
            </tr><tr>
                <td>user_enabled_mask = 0
                </td>
                <td></td>
            </tr><tr>
                <td>user_enabled_default = True
                </td>
                <td></td>
            </tr><tr>
                <td>user_attribute_ignore = tenant_id,tenants
                </td>
                <td></td>
            </tr><tr>
                <td>user_allow_create = True
                </td>
                <td>If the users are managed by another tool and you have only read access, you would set this to False.</td>
            </tr><tr>
                <td>user_allow_update = True
                </td>
                <td></td>
            </tr><tr>
                <td>user_allow_delete = True
                </td>
                <td></td>
            </tr>
            <tr>
                <td>tenant_tree_dn = ou=Groups,dc=example,dc=com
                </td>
                <td></td>
            </tr>
            <tr>
                <td>tenant_filter =
                </td>
                <td>If the backend is providing too much output, you can set a filter to blank so tenants are not passed through.</td>
            </tr><tr>
                <td>tenant_objectclass = groupOfNames
                </td>
                <td></td>
            </tr><tr>
                <td>tenant_id_attribute = cn
                </td>
                <td></td>
            </tr><tr>
                <td>tenant_member_attribute = member
                </td>
                <td></td>
            </tr><tr>
                <td>tenant_name_attribute = ou
                </td>
                <td></td>
            </tr><tr>
                <td>tenant_desc_attribute = desc
                </td>
                <td></td>
            </tr><tr>
                <td>tenant_enabled_attribute = enabled
                </td>
                <td></td>
            </tr><tr>
                <td>tenant_attribute_ignore =
                </td>
                <td></td>
            </tr><tr>
                <td>tenant_allow_create = True
                </td>
                <td></td>
            </tr><tr>
                <td>tenant_allow_update = True
                </td>
                <td></td>
            </tr>
            <tr>
                <td>tenant_allow_delete = True
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_tree_dn = ou=Roles,dc=example,dc=com
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_filter =
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_objectclass = organizationalRole
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_id_attribute = cn
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_name_attribute = ou
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_member_attribute = roleOccupant
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_attribute_ignore =
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_allow_create = True
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_allow_update = True
                </td>
                <td></td>
            </tr>
            <tr>
                <td>role_allow_delete = True
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_tree_dn =
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_filter =
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_objectclass = groupOfNames
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_id_attribute = cn
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_name_attribute = ou
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_member_attribute = member
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_desc_attribute = desc
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_attribute_ignore =
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_allow_create = True
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_allow_update = True
                </td>
                <td></td>
            </tr>
            <tr>
                <td>group_allow_delete = True
                </td>
                <td></td>
            </tr>
        </tbody>
    </table>

</para>