dirkuos

Swift account with ldap users

Hi,

How do I set up a swift account with ldap users in OneFS 8.1.2?

I have a single system zone with local, file, and ldap providers. I want ldap users to access swift objects, but I can only get it to work with local users.

I first create the local group "rzldap" and add the ldap user "osalpha" to it:

# isi auth users view osalpha
Name: osalpha
DN: uid=osalpha,ou=people,dc=mydomain
DNS Domain: -
Domain: LDAP_USERS
Provider: lsa-ldap-provider:LDAP Cluster

# isi auth groups create rzldap --add-user osalpha
# id osalpha
uid=88934(osalpha) gid=304(usystem) groups=304(usystem),2004(rzldap)

Then I create the swift account "rzldap" with group "rzldap" and user "osalpha". This works without any error:

# isi swift accounts create rzldap osalpha rzldap --user osalpha
# ls -ld /ifs/isi_lwswift/rzldap
drwxr-xr-x 2 osalpha rzldap 0 Apr 25 14:08 /ifs/isi_lwswift/rzldap

But as soon as I want to connect to the swift account from outside (X-Auth-User:rzldap:osalpha), I get the error message "HTTP/1.1 401 Unauthorized" and "This server could not verify that you are authorized to access the document you requested." This works perfectly with users from the local provider. I also tried to specify the user with the ldap domain "LDAP_Users\\osalpha".

What am I missing?

Thanks,

Dirk

 
