Newer documentation is now live. You are currently reading an older version.

Domain-specific configuration

Parameter

features:keystone:domain_specific_configuration

Usage

Defines the domain-specific configuration and is useful for integration with LDAP. Parameters in this section are saved in the Keystone configuration files as is.

The following example illustrates an OsDpl with LDAP integration that creates a separate domain.with.ldap domain and configures it to use LDAP as an identity driver:

spec:
  features:
    keystone:
      domain_specific_configuration:
        enabled: true
        ks_domains:
          domain.with.ldap:
            enabled: true
            config:
              assignment:
                driver: keystone.assignment.backends.sql.Assignment
              identity:
                driver: ldap
              ldap:
                chase_referrals: false
                group_desc_attribute: description
                group_id_attribute: cn
                group_member_attribute: member
                group_name_attribute: ou
                group_objectclass: groupOfNames
                page_size: 0
                password: XXXXXXXXX
                query_scope: sub
                suffix: dc=mydomain,dc=com
                url: ldap://ldap01.mydomain.com,ldap://ldap02.mydomain.com
                user: uid=openstack,ou=people,o=mydomain,dc=com
                user_enabled_attribute: enabled
                user_enabled_default: false
                user_enabled_invert: true
                user_enabled_mask: 0
                user_id_attribute: uid
                user_mail_attribute: mail
                user_name_attribute: uid
                user_objectclass: inetOrgPerson

For details on configuration parameters, refer to the official OpenStack documentation: Keystone Configuration.
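
The example above binds over plain `ldap://` URLs and carries the bind password inline, and the parameters are written to the Keystone configuration files as is. The following added example, which is not part of the product or of the original page, lints a parsed `ks_domains` mapping for those two conditions. The function name and finding strings are hypothetical; `use_tls`, `tls_cacertfile` and `tls_req_cert` are Keystone `[ldap]` options that the page's example does not set, and the CA path is a placeholder.

```python
# Added example (not product code): lint the [ldap] options of each Keystone
# domain. The input mirrors features:keystone:domain_specific_configuration:ks_domains.

def audit_ks_domains(ks_domains):
    """Return a sorted list of (domain, finding) tuples."""
    findings = []
    for name, domain in ks_domains.items():
        ldap = domain.get("config", {}).get("ldap")
        if not domain.get("enabled") or ldap is None:
            continue
        urls = [u.strip() for u in str(ldap.get("url", "")).split(",") if u.strip()]
        use_tls = ldap.get("use_tls") is True  # StartTLS on an ldap:// connection
        for url in urls:
            scheme = url.split("://", 1)[0].lower()
            if scheme == "ldap" and not use_tls:
                findings.append((name, f"cleartext bind and queries: {url}"))
            elif scheme == "ldaps" and use_tls:
                # Keystone's option help says not to set use_tls with LDAPS.
                findings.append((name, f"use_tls set together with {url}"))
        encrypted = use_tls or any(u.lower().startswith("ldaps://") for u in urls)
        if encrypted and str(ldap.get("tls_req_cert", "demand")).lower() != "demand":
            findings.append((name, "tls_req_cert does not require a valid certificate"))
        if ldap.get("password"):
            findings.append((name, "bind password stored inline in the resource"))
    return sorted(findings)

# Constructed input: the transport-relevant keys of the page's example.
PAGE_EXAMPLE = {"domain.with.ldap": {"enabled": True, "config": {"ldap": {
    "url": "ldap://ldap01.mydomain.com,ldap://ldap02.mydomain.com",
    "user": "uid=openstack,ou=people,o=mydomain,dc=com",
    "password": "XXXXXXXXX",
}}}}

# Constructed variant: StartTLS with certificate validation; CA path is a placeholder.
WITH_STARTTLS = {"domain.with.ldap": {"enabled": True, "config": {"ldap": {
    **PAGE_EXAMPLE["domain.with.ldap"]["config"]["ldap"],
    "use_tls": True,
    "tls_cacertfile": "/path/to/ca-bundle.pem",
    "tls_req_cert": "demand",
}}}}

if __name__ == "__main__":
    for label, cfg in (("page example", PAGE_EXAMPLE), ("with StartTLS", WITH_STARTTLS)):
        for domain, finding in audit_ks_domains(cfg):
            print(f"{label}: {domain}: {finding}")
```

The inline-password finding remains in the StartTLS variant because the bind credential still sits in the resource and in the generated configuration file, so read access to both needs to be restricted.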