Comment 3 for bug 1607970

I think the overall objective for the keystone charm should be to support LDAP backends well with Keystone v3; the existing LDAP support should probably never have been included in the charm as its awkward and fiddly to use.

For v3 - the service domain would continue to be SQL based (allowing the charm to create users as required for service accounts), with user domains being backed by LDAP/SQL or another identity provider.