Unsolved
29 Posts
0
784
Swift account with ldap users
Hi,
how do I setup a swift account with ldap users in OneFS 8.1.2?
I have a single system zone with local, file, and ldap providers. I want ldap users to access swift objects, but I can only get it to work with local users.
I first create the local group "rzldap" and add the ldap user "osalpha" to it:
# isi auth users view osalpha
Name: osalpha
DN: uid=osalpha,ou=people,dc=mydomain
DNS Domain: -
Domain: LDAP_USERS
Provider: lsa-ldap-provider:LDAP Cluster
# isi auth groups create rzldap --add-user osalpha
# id osalpha uid=88934(osalpha) gid=304(usystem) groups=304(usystem),2004(rzldap)
Then I create the swift account "rzldap" with group "rzldap" and user "osalpha". This works without any error:
# isi swift accounts create rzldap osalpha rzldap --user osalpha
# ls -ld /ifs/isi_lwswift/rzldap
drwxr-xr-x 2 osalpha rzldap 0 Apr 25 14:08 /ifs/isi_lwswift/rzldap
But as soon as I want to connect to the swift account from outside (X-Auth-User:rzldap:osalpha), I get the error message "HTTP/1.1 401 Unauthorized" and "This server could not verify that you are authorized to access the document you requested." Thie perfectly works with users from the local provider. I also tried to specify the user with the ldap domain "LDAP_Users\\osalpha".
What am I missing?
Thanks,
Dirk