2.1 KiB
Configuring Keystone
Identity sources
One of the most impactful decisions you'll have to make when configuring keystone is deciding how you want keystone to source your identity data. Keystone supports several different choices that will substantially impact how you'll configure, deploy, and interact with keystone.
You can also mix-and-match various sources of identity (see Domain-specific Configuration for an example). For example, you can store OpenStack service users and their passwords in SQL, manage customers in LDAP, and authenticate employees via SAML federation.
Limiting list return size
Keystone provides a method of setting a limit to the number of
entities returned in a collection, which is useful to prevent overly
long response times for list queries that have not specified a
sufficiently narrow filter. This limit can be set globally by setting
list_limit
in the default section of
keystone.conf
, with no limit set by default. Individual
driver sections may override this global value with a specific limit,
for example:
[resource]
list_limit = 100
If a response to list_{entity}
call has been truncated,
then the response status code will still be 200 (OK), but the
truncated
attribute in the collection will be set to
true
.