You can update certain parameters in your Keystone service configuration by using the viocli update keystone command.
For more information about Keystone configuration, see the OpenStack Keystone Configuration documentation.
For more information about Keystone service configuration examples, see the OpenStack Keystone Configuration file.
```yaml
conf:
  keystone:
    DEFAULT:
      list_limit: 100
    token:
      expiration: 7200
    # Keystone reads the lockout options from its [security_compliance] section.
    security_compliance:
      lockout_failure_attempts: 6
      lockout_duration: 1800
  ks_domains:
    <keystone domain name>:
      ldap:
        user_enabled_invert: false
        user_enabled_mask: 2
        user_enabled_default: true
        chase_referrals: false
        debug_level: 4095
        pool_retry_max: 20
        pool_size: 200
        pool_retry_delay: 0.1
        pool_connection_timeout: -1
        pool_connection_lifetime: 600
        use_auth_pool: true
        auth_pool_size: 100
        auth_pool_connection_lifetime: 60
        user_enabled_attribute: userAccountControl
```

Parameter | Default Value | Description |
---|---|---|
list_limit | | Enter the maximum number of entities that can be returned in a collection. |
expiration | Minimum value: Maximum value: | Enter the amount of time that the token remains valid. Drastically increasing this value can increase load on the driver, and drastically decreasing it can break long-running operations. |
ks_domains | | Enter the Keystone domain name. |
user_enabled_invert | false | Enter |
user_enabled_mask | 0 | Enter |
user_enabled_default | true | Enter |
chase_referrals | none | Enter a boolean value that sets the system's default referral-chasing behavior for queries. |
debug_level | none | Enter the LDAP debugging level value for LDAP calls. The minimum value is |
pool_retry_max | 3 | Enter the maximum number of times to attempt reconnecting to the LDAP server. The minimum value is |
pool_size | 10 | Enter the size of the LDAP connection pool. The minimum value is |
pool_retry_delay | 0.1 | Enter the number of seconds to wait before attempting to reconnect to the LDAP server. |
pool_connection_timeout | -1 | Enter the connection timeout value to use when pooling LDAP connections. A value of |
pool_connection_lifetime | 600 | Enter the maximum connection lifetime to the LDAP server in seconds. The minimum value is |
use_auth_pool | true | Enter |
auth_pool_size | 100 | Enter the size of the connection pool to use for end-user authentication. The minimum value is |
auth_pool_connection_lifetime | 60 | Enter the maximum end-user authentication connection lifetime value in seconds. The minimum value is |
user_enabled_attribute | enabled | Enter the LDAP attribute that maps to the user enabled flag. |
lockout_failure_attempts | 5 | Configures the maximum number of failed authentication attempts. |
lockout_duration | 1800 | Configures the number of seconds an account is locked out after you reach |
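
The sample configuration sets user_enabled_attribute to userAccountControl with user_enabled_mask 2. The following Python example is added here and is not VMware or Keystone code: it models Keystone's documented meaning of these options (in bitmask mode user_enabled_invert has no effect) over constructed Active Directory entries, and lists accounts whose disable bit is set but which a given mask would still treat as enabled. The entry names, the helper functions and the boolean-mode string matching are assumptions made for illustration.

```python
# Added example: models Keystone's documented [ldap] enabled-flag options.
# Option values come from the sample configuration on this page.
LDAP_CONF = {
    "user_enabled_attribute": "userAccountControl",
    "user_enabled_mask": 2,
    "user_enabled_invert": False,
}

AD_ACCOUNTDISABLE = 0x2  # Active Directory "account disabled" flag

# Constructed directory entries (hypothetical accounts, not real data).
SAMPLE_ENTRIES = [
    {"cn": "alice", "userAccountControl": "512"},         # normal account
    {"cn": "bob", "userAccountControl": "514"},           # normal + disabled
    {"cn": "svc-backup", "userAccountControl": "66048"},  # normal, password never expires
    {"cn": "carol", "userAccountControl": "66050"},       # as above + disabled
]

TRUE_STRINGS = {"1", "t", "true", "on", "y", "yes"}  # assumed boolean spellings

def user_enabled(entry, conf):
    """Return True if this configuration would treat the entry as enabled."""
    raw = entry[conf["user_enabled_attribute"]]
    mask = conf["user_enabled_mask"]
    if mask:
        # Bitmask mode: enabled unless every masked bit is set.
        # user_enabled_invert has no effect when a mask is in use.
        return (int(raw) & mask) != mask
    # Boolean mode (mask 0): approximate string-to-bool, then optional invert.
    enabled = raw.strip().lower() in TRUE_STRINGS
    return not enabled if conf["user_enabled_invert"] else enabled

def classify(entries, conf):
    """Map each entry's cn to the enabled state the configuration yields."""
    return {e["cn"]: user_enabled(e, conf) for e in entries}

def disabled_but_accepted(entries, conf):
    """List accounts disabled in AD that the configuration still enables."""
    attr = conf["user_enabled_attribute"]
    return sorted(
        e["cn"] for e in entries
        if int(e[attr]) & AD_ACCOUNTDISABLE and user_enabled(e, conf)
    )

if __name__ == "__main__":
    print(classify(SAMPLE_ENTRIES, LDAP_CONF))
    print(disabled_but_accepted(SAMPLE_ENTRIES, LDAP_CONF))
```

Running `disabled_but_accepted` with a mask that does not cover the disable bit shows which disabled directory accounts the identity service would still accept, which makes it a useful check before applying a changed mask.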