
Keystone/multiple-datastores

Revision as of 02:22, 23 April 2013 by Ayoung

Currently, Keystone supports one RDBMS and one LDAP server for all backends. In the case of LDAP, we often need to support one backend per domain. For RDBMS, we may want to use a different user, or even a different server, for a high-volume backend like tokens versus the Identity or other backends, which are more read-heavy.

Create a subdirectory /etc/keystone/data. For each data store, have a file of key-value pairs to configure it, based on the values from the current config file:

Example token.conf:

    name = token-sql
    type = sql
    url = postgresql://keystone:keystone@localhost/keystone?client_encoding=utf8

Example identity.conf for simple bind:

    name = identity-simple
    type = ldap
    url = ldap://localhost
    user = dc=Manager,dc=openstack,dc=org
    password = test

Example identity.conf for GSSAPI:

    name = identity-gss
    type = ldap
    url = ldaps://ldap.openstack.org
    user = dc=Manager,dc=openstack,dc=org
    sasl = mech=GSSAPI


Then, in the Keystone config file, the name from above would be bound to the backend. For example:

    [identity]
    driver = keystone.identity.backends.ldap.Identity
    source = data.identity-gss

or

    [identity]
    driver = keystone.identity.backends.sql.Identity
    source = data.token-sql
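
One way a loader for this layout could work, as an added example (not Keystone code; the proposal does not define an implementation). The function names, the `*.conf` suffix filter and the rule that a file carrying a password must not be readable by group or others are assumptions made here, since these files hold the LDAP bind password and the database credentials.

```python
import os
import stat
import tempfile
from urllib.parse import urlsplit

# Sample input: the page's token.conf example.
SAMPLE = ("name = token-sql\ntype = sql\n"
          "url = postgresql://keystone:keystone@localhost/keystone?client_encoding=utf8\n")

def parse_store(path):
    """Parse one flat key = value file; values may contain '=' (LDAP DNs, URLs)."""
    store = {}
    with open(path) as fh:
        for line in map(str.strip, fh):
            if line and not line.startswith("#"):
                key, _, value = line.partition("=")  # split on the first '=' only
                store[key.strip()] = value.strip()
    return store

def load_stores(data_dir):
    """Index each *.conf by 'name'; refuse credential files others can read."""
    stores = {}
    for fname in sorted(f for f in os.listdir(data_dir) if f.endswith(".conf")):
        path = os.path.join(data_dir, fname)
        store = parse_store(path)
        # A secret is a 'password' key or a password embedded in the URL.
        secret = "password" in store or urlsplit(store.get("url", "")).password
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if secret and mode & 0o077:  # any group/other permission bit set
            raise PermissionError(f"{path}: mode {mode:o} exposes credentials")
        stores[store["name"]] = store
    return stores

def resolve_source(source, stores):
    """Map a 'source = data.<name>' value to its data-store definition."""
    prefix, _, name = source.partition(".")
    if prefix != "data" or name not in stores:
        raise KeyError(f"unknown data store {source!r}")
    return stores[name]

def demo(mode=0o600):
    """Write SAMPLE as token.conf with the given mode, then resolve it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "token.conf")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return resolve_source("data.token-sql", load_stores(d))
```

`demo()` returns the parsed token-sql store, while `demo(0o644)` raises `PermissionError` because the URL carries a password and the file is readable by others.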