Keystone comprises a bunch of services. We will understand them and their functionalities; before this, let's take a quick look at the Keystone architecture:
In the preceding diagram, you will see the different subsystems of the service and the common components that will be shared with the other components of OpenStack. The MySQL server will be used by most of the components of the OpenStack, and hence it is classified as OpenStack Common. The LDAP service is optional and will be common from an enterprise tool set perspective.
Identity verifies the credentials and data of the users and user groups. It can store the user data in the local database (MySQL), or it can connect to the LDAP to get this data. If the local database is used, this service is capable of performing the CRUD (Create, Read, Update, and Delete) operations.