Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 7. Managing domains
Identity Service (keystone) domains are additional namespaces that you can create in keystone. Use keystone domains to partition users, groups, and projects. You can also configure these separate domains to authenticate users in different LDAP or Active Directory environments. For more information, see the Integrate with Identity Service guide.
Identity Service includes a built-in domain called Default
. It is suggested you reserve this domain only for service accounts, and create a separate domain for user accounts.
7.1. Viewing a list of domains
You can view a list of domains with the openstack domain list
command:
$ openstack domain list +----------------------------------+------------------+---------+--------------------+ | ID | Name | Enabled | Description | +----------------------------------+------------------+---------+--------------------+ | 3abefa6f32c14db9a9703bf5ce6863e1 | TestDomain | True | | | 69436408fdcb44ab9e111691f8e9216d | corp | True | | | a4f61a8feb8d4253b260054c6aa41adb | federated_domain | True | | | default | Default | True | The default domain | +----------------------------------+------------------+---------+--------------------+
7.2. Creating a new domain
You can create a new domain with the openstack domain create
command:
$ openstack domain create TestDomain +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | | | enabled | True | | id | 3abefa6f32c14db9a9703bf5ce6863e1 | | name | TestDomain | +-------------+----------------------------------+
7.3. Viewing the details of a domain
You can view the details of a domain with the openstack domain show
command:
$ openstack domain show TestDomain +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | | | enabled | True | | id | 3abefa6f32c14db9a9703bf5ce6863e1 | | name | TestDomain | +-------------+----------------------------------+
7.4. Disabling a domain
You can disable and enable domains according to your requirements.
Procedure
Disable a domain using the
--disable
option:$ openstack domain set TestDomain --disable
Confirm that the domain has been disabled:
$ openstack domain show TestDomain +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | | | enabled | False | | id | 3abefa6f32c14db9a9703bf5ce6863e1 | | name | TestDomain | +-------------+----------------------------------+
Use the
--enable
option to re-enable the domain, if required:$ openstack domain set TestDomain --enable