DELL ECS domain user rights
Hi All!
We are doing a PoC demo currently.
I successfully added our AD server under Manage -> Authentication.
I can create Object users with curl (authentication is working with the AD-server), but now I'm struggling with mapping rights to these kinds of users. I can connect using S3 Browser with the object user's credentials, and can create buckets and put files into the buckets.
If I create a new user under the Identity and Access (S3) menu, it seems like it creates a separate user (with the same name but with a new Access Key ID and Secret Key). These kinds of users can be added to Groups, and the Group's Policies are working as expected (e.g. ECSS3ReadOnlyAccess).
Am I misunderstanding something, or how can I add AD-users to S3 groups with specified rights?
DELL-Sam L
Moderator
September 9th, 2022 02:00
Hello molnar.csaba,
I would double check your AD setup with this KB to make sure that all is set correctly. https://dell.to/3xbDHh9
Were you getting any error codes? What is your current version of ECS?
molnar.csaba
September 13th, 2022 01:00
Hello DELL-Sam L,
Version: Dell EMC ECS v3.7.0.0
I followed the same documentation that you mentioned. The AD-provider is working, here are the outputs of the object user creation with curl:
First test the connection of the domain user to ECS:
Create a secret key for the user:
Use the token to create valid domain object user, and examine:
After these steps, the created user appears in the management GUI, under Manage -> Users, and I can connect to the ECS with S3 Browser.
My problem is that I don't know how to add this type of AD-user to an ECS S3 Group.
My goal is to assign AD-users to ECS S3 Groups with appropriate rights.
Example:
testuser_ro1@mydomain.local -> How to add this user to Group_RO?
testuser_ro2@mydomain.local -> How to add this user to Group_RO?
testuser_ro3@mydomain.local -> How to add this user to Group_RO?
testuser_rw1@mydomain.local -> How to add this user to Group_RW?
testuser_rw2@mydomain.local -> How to add this user to Group_RW?
testuser_ro3@mydomain.local -> How to add this user to Group_RW?
testbucket1 -> assign GroupRO and GroupRW groups to it
testbucket2 -> assign GroupRO and GroupRW groups to it
DELL-Sam L
Moderator
September 13th, 2022 12:00
Hello molnar.csaba,
Here are a couple of other links to KBs that can also be of assistance in configuring ECS.
https://dell.to/3eQkQSo
https://dell.to/3U0mbGu
https://dell.to/3U7guqp
molnar.csaba
September 22nd, 2022 06:00
The problem is, I cannot set user rights to domain users.
Example: I try to add a domain user to a group, and the response is:
Is there any way to add domain users to IAM?
The domain user is created with the procedure you linked before. It appears in the Users menu but not in IAM (Identity and Access Management (S3)).
DELL-Sam L
Moderator
September 22nd, 2022 09:00
Hello molnar.csaba,
It is best to open a support case for this so that we can look into your issue.
Tomsadoum
January 26th, 2023 06:00
Hello DELL-SAM L
I'm facing the same situation as molnar.csaba. I don't know how to reference a domain user in groups or in role policies. My goal is to be able to perform cross-namespace "AssumeRole" requests from an AD user, but since my AD user cannot have a user policy or be part of a group, I don't have the proper rights to do so.
Did molnar.csaba open a support case and find a solution?
Best regards.
DELL-Sam L
Moderator
January 26th, 2023 08:00
Hello Tomsadoum,
It is best to open a support case for this, as this is more of a custom configuration.