Merge "Update doc id-manage.rst"
This commit is contained in:
commit
73dc3cebd3
|
@ -19,6 +19,8 @@ database using API REST calls.
|
||||||
experimental in Kilo, and added to the Identity service in the
|
experimental in Kilo, and added to the Identity service in the
|
||||||
Liberty release.
|
Liberty release.
|
||||||
|
|
||||||
|
.. _enable_drivers_for_domain:
|
||||||
|
|
||||||
Enable drivers for domain-specific configuration files
|
Enable drivers for domain-specific configuration files
|
||||||
------------------------------------------------------
|
------------------------------------------------------
|
||||||
|
|
||||||
|
|
|
@ -14,18 +14,18 @@
|
||||||
License for the specific language governing permissions and limitations
|
License for the specific language governing permissions and limitations
|
||||||
under the License.
|
under the License.
|
||||||
|
|
||||||
Identity entity ID management between controllers and drivers
|
Identity entity ID management for domain-specific backends
|
||||||
=============================================================
|
==========================================================
|
||||||
|
|
||||||
Keystone supports the option of having domain-specific backends for the
|
Keystone supports the option of having domain-specific backends for the
|
||||||
identity driver (i.e. for user and group storage), allowing, for example,
|
identity driver (i.e. for user and group storage), allowing, for example,
|
||||||
a different LDAP server for each domain. To ensure that Keystone can determine
|
a different LDAP server for each domain. To ensure that Keystone can determine
|
||||||
to which backend it should route an API call, starting with Juno, the
|
to which backend it should route an API call, starting with Juno, the
|
||||||
identity manager will, provided that domain-specific backends are enabled,
|
identity manager will, provided that :ref:`domain-specific backends <enable_drivers_for_domain>`
|
||||||
build on-the-fly a persistent mapping table between Keystone Public IDs that
|
are enabled, build on-the-fly a persistent mapping
|
||||||
are presented to the controller and the domain that holds the entity, along
|
table between Keystone Public IDs that are presented to the API and the domain
|
||||||
with whatever local ID is understood by the driver. This hides, for instance,
|
that holds the entity, along with whatever local ID is understood by the driver.
|
||||||
the LDAP specifics of whatever ID is being used.
|
This hides, for instance, the LDAP specifics of whatever ID is being used.
|
||||||
|
|
||||||
To ensure backward compatibility, the default configuration of either a
|
To ensure backward compatibility, the default configuration of either a
|
||||||
single SQL or LDAP backend for Identity will not use the mapping table,
|
single SQL or LDAP backend for Identity will not use the mapping table,
|
||||||
|
|
Loading…
Reference in New Issue