Creating Swift accounts with LDAP or Active Directory
Summary: Instructions and examples for adding AD or LDAP accounts to Isilon Swift accounts with OneFS 8.0.
Instructions
BACKGROUND INFORMATION
You can connect an Active Directory or LDAP group or user to an Isilon Swift account. For convenience, explanations of three of the main components are provided here:
Swift user
In a multi-protocol access scenario, a Swift user is a file system user who owns files in the Swift account. This user can be from an external authentication provider joined to the Isilon.
Swift group
In a multi-protocol access scenario, a Swift group is a file system group that owns files in the Swift account. The Swift user and Swift group determine the ownership of files within the file system, whereas the users assigned to the Swift account are granted access to the account through the Swift protocol. This group can be from an external authentication provider joined to the Isilon.
Swift account
A Swift account is the root of a Swift namespace and is the locus of administrative control. Swift accounts hold containers and containers hold objects. A Swift account must be provisioned in order for a user to add containers or objects. Access control in Isilon Swift is granted at the account level. Users authorized to access a Swift account can access any of the containers and objects within that account.
ACCOUNT CREATION EXAMPLE
When creating an Isilon Swift account in conjunction with Active Directory or LDAP, specific syntax is needed to specify the location of the user or group. For example, the syntax <domain>\\<user> and <domain>\\<group> tells the Isilon where to look for that user and group. This information is placed into the template command: isi swift accounts create <Swift Account Name> <Swift User> <Swift Group>
For example, using the Swift account name of SwiftTest, the Active Directory domain of example, the username of jsmith, and a group name of swift_users, the command is as follows:
# isi swift accounts create SwiftTest example\\jsmith example\\swift_users
The same syntax is used for adding an LDAP user and group. The only difference from the previous example is that the LDAP domain is used instead of the Active Directory domain.
COMMAND OPTIONS
There are additional options with the isi swift accounts create command that can also be utilized:
--zone Specifies the access zone.
--users Specifies the users who are assigned access to the Swift account. Specify --users for each additional user who must be assigned access to the Swift account.
{--verbose | -v} Displays detailed information.
The template command looks like this:
# isi swift accounts create <Swift Account Name> <Swift User> <Swift Group> --zone <zone name> --users <user1> --users <user2> -v
Using example users and a group, the command is:
# isi swift accounts create TestAccount root wheel --zone Access1 --users jsmith --users compadmin -v
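The following is an added example, not part of the original article: a shell helper that assembles the command line shown above from separate fields and rejects names containing characters outside a conservative set, so the command can be reviewed before it is run on the cluster. The function names, the allowed character set, and the use of an empty domain for accounts such as root and wheel are assumptions of this example.

```shell
#!/bin/sh
# Added example: composes, but does not run, an `isi swift accounts create`
# command line in the form shown on this page. All values are constructed.

# Conservative allow-list (an assumption of this example, not a OneFS rule):
# names from a ticket or CSV must not carry shell metacharacters or spaces.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# qualify <domain> <name>: prints <domain>\\<name>, or the bare name when the
# domain is empty (as with root and wheel in the page's second example).
qualify() {
    valid_name "$2" || return 1
    if [ -z "$1" ]; then
        printf '%s' "$2"
    else
        valid_name "$1" || return 1
        printf '%s\\\\%s' "$1" "$2"
    fi
}

# build_swift_create <account> <domain> <user> <group> <zone> [access_user...]
# Access is granted per account, so each access user is listed as its own
# --users flag and can be reviewed before the command is run.
build_swift_create() {
    [ "$#" -ge 5 ] || { echo "need account domain user group zone" >&2; return 2; }
    account=$1; domain=$2; owner=$3; group=$4; zone=$5
    shift 5
    valid_name "$account" || { echo "bad account name" >&2; return 1; }
    u=$(qualify "$domain" "$owner") || { echo "bad Swift user" >&2; return 1; }
    g=$(qualify "$domain" "$group") || { echo "bad Swift group" >&2; return 1; }
    cmd="isi swift accounts create $account $u $g"
    if [ -n "$zone" ]; then
        valid_name "$zone" || { echo "bad zone name" >&2; return 1; }
        cmd="$cmd --zone $zone"
    fi
    for name in "$@"; do
        valid_name "$name" || { echo "bad access user: $name" >&2; return 1; }
        cmd="$cmd --users $name"
    done
    printf '%s\n' "$cmd"
}

# Reproduces the page's Active Directory example (empty zone = no --zone flag).
build_swift_create SwiftTest example jsmith swift_users ""
```

Because access control is granted at the account level, every name passed as an access user can reach all containers and objects in the account; keep that list as short as the use case allows.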