options:
  domain-name:
    type: string
    default:
    description: Name of the keystone domain to configure; defaults to the deployed application name.
  ldap-server:
    type: string
    default:
    description: LDAP server address for keystone identity backend.
  ldap-user:
    type: string
    default:
    description: Username of the LDAP identity server.
  ldap-password:
    type: string
    default:
    description: Password of the LDAP identity server.
  ldap-suffix:
    type: string
    default:
    description: LDAP server suffix to be used by keystone.
  ldap-config-flags:
    type: string
    default:
    description: |
      Additional LDAP configuration options.
      For simple configurations use a comma separated string of key=value pairs.
      "user_allow_create=False, user_allow_update=False, user_allow_delete=False"
      For more complex configurations use a json like string with double quotes
      and braces around all the options and single quotes around complex values.
      "{user_tree_dn: 'DC=dc1,DC=ad,DC=example,DC=com',
        user_allow_create: False,
        user_allow_delete: False}"
      See the README for more details.
  ldap-readonly:
    type: boolean
    default: True
    description: LDAP identity server backend readonly to keystone.