"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/source/contributor/id-manage.rst" between
keystone-17.0.0.tar.gz and keystone-18.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (latest release).

id-manage.rst  (keystone-17.0.0):id-manage.rst  (keystone-18.0.0)
skipping to change at line 17 skipping to change at line 17
a copy of the License at a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations License for the specific language governing permissions and limitations
under the License. under the License.
Identity entity ID management between controllers and drivers Identity entity ID management for domain-specific backends
============================================================= ==========================================================
Keystone supports the option of having domain-specific backends for the Keystone supports the option of having domain-specific backends for the
identity driver (i.e. for user and group storage), allowing, for example, identity driver (i.e. for user and group storage), allowing, for example,
a different LDAP server for each domain. To ensure that Keystone can determine a different LDAP server for each domain. To ensure that Keystone can determine
to which backend it should route an API call, starting with Juno, the to which backend it should route an API call, starting with Juno, the
identity manager will, provided that domain-specific backends are enabled, identity manager will, provided that :ref:`domain-specific backends <enable_driv
build on-the-fly a persistent mapping table between Keystone Public IDs that ers_for_domain>`
are presented to the controller and the domain that holds the entity, along are enabled, build on-the-fly a persistent mapping
with whatever local ID is understood by the driver. This hides, for instance, table between Keystone Public IDs that are presented to the API and the domain
the LDAP specifics of whatever ID is being used. that holds the entity, along with whatever local ID is understood by the driver.
This hides, for instance, the LDAP specifics of whatever ID is being used.
To ensure backward compatibility, the default configuration of either a To ensure backward compatibility, the default configuration of either a
single SQL or LDAP backend for Identity will not use the mapping table, single SQL or LDAP backend for Identity will not use the mapping table,
meaning that public facing IDs will be the unchanged. If keeping these IDs meaning that public facing IDs will be the unchanged. If keeping these IDs
the same for the default LDAP backend is not required, then setting the the same for the default LDAP backend is not required, then setting the
configuration variable ``backward_compatible_ids`` to ``False`` will enable configuration variable ``backward_compatible_ids`` to ``False`` will enable
the mapping for the default LDAP driver, hence hiding the LDAP specifics of the the mapping for the default LDAP driver, hence hiding the LDAP specifics of the
IDs being used. IDs being used.
 End of changes. 2 change blocks. 
7 lines changed or deleted 8 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)