Mastering OpenStack (Second Edition)

The identity provider

The identity provider validates user and group credentials. OpenStack Keystone provides a built-in identity provider that can be used to create and manage user and group credentials.

Keystone can also integrate with external identity providers such as LDAP. The OpenStack Ansible project provides the playbooks to integrate the LDAP service with Keystone as an external identity provider.
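As an added illustration (not taken from the book or from the OpenStack-Ansible project), the fragment below sketches an LDAP-backed Keystone domain declared through the `keystone_ldap` variable of the OpenStack-Ansible `os_keystone` role. The domain name, host, DNs, CA path and vault variable are constructed placeholders; the option names are standard Keystone `[ldap]` settings.

```yaml
# user_variables.yml on the OpenStack-Ansible deployment host.
# Each key under keystone_ldap names a Keystone domain; its entries are
# written into that domain's own configuration as [ldap] options.
keystone_ldap:
  Users:                                  # constructed domain name
    # Use ldaps:// so bind credentials and user passwords are not sent
    # in clear text, as they would be with a plain ldap:// URL.
    url: "ldaps://ldap.example.internal"  # placeholder host
    # Bind as a dedicated account that can only read the directory,
    # never as a directory administrator.
    user: "cn=keystone-bind,ou=services,dc=example,dc=internal"
    password: "{{ vault_keystone_ldap_bind_password }}"  # hypothetical vault variable
    suffix: "dc=example,dc=internal"

    # Where users and groups live, and how they map to Keystone fields.
    user_tree_dn: "ou=people,dc=example,dc=internal"
    user_objectclass: "inetOrgPerson"
    user_id_attribute: "uid"
    user_name_attribute: "uid"
    group_tree_dn: "ou=groups,dc=example,dc=internal"
    group_objectclass: "groupOfNames"
    query_scope: "sub"

    # Require a server certificate that chains to the given CA.
    # "never" or "allow" would accept an unverified LDAP server.
    tls_req_cert: "demand"
    tls_cacertfile: "/etc/ssl/certs/example-internal-ca.pem"  # placeholder path
```

With this layout the directory stays the source of truth for end-user credentials, while service users can remain in Keystone's built-in identity provider in a separate domain.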

Keystone supports various user types to manage access levels to OpenStack services. The user can be one of the following:

  • A service user who is associated with a service running in OpenStack
  • An administrative user who has administrative access to services and resources created
  • An end user who has no extra access rights and is a consumer of OpenStack resources