summaryrefslogtreecommitdiff
path: root/doc/source/admin/domain-specific-config.inc
diff options
context:
space:
mode:
Diffstat (limited to 'doc/source/admin/domain-specific-config.inc')
-rw-r--r--doc/source/admin/domain-specific-config.inc6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/source/admin/domain-specific-config.inc b/doc/source/admin/domain-specific-config.inc
index 3acc4f088..0b054cd3e 100644
--- a/doc/source/admin/domain-specific-config.inc
+++ b/doc/source/admin/domain-specific-config.inc
@@ -144,6 +144,12 @@ then the same public ID will be created. This is useful if you are running
multiple keystones and want to ensure the same ID would be generated whichever
server you hit.
+.. NOTE::
+
+ In case of the LDAP backend, the names of users and groups are not hashed.
+ As a result, these are length limited to 255 characters. Longer names
+ will result in an error.
+
While keystone will dynamically maintain the identity mapping, including
removing entries when entities are deleted via the keystone, for those entities
in backends that are managed outside of keystone (e.g. a read-only LDAP),