topic ONTAP S3 Access 9.15.1P15 with AD Group in ONTAP Discussions https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-S3-Access-9-15-1P15-with-AD-Group/m-p/463945#M45203 <P>I have created object-store-server on a Scaleout cluster ( Ontap 9.15.1P15). i created Buckets and can able to access with local user. Required help on AD group&nbsp; &nbsp;integration for the Bucket. Do we require LDAP integration for the Object_store_SVM?</P><P>Not able to access TR 4814 in NetApp site and is unavailable&nbsp;</P><P>&nbsp;</P><P>when i try to add the ad group iam getting the bellow error</P><P>&nbsp;</P><P>TestCluster::*&gt; object-store-server bucket policy statement create -vserver testsvm -bucket adbucket -effect allow -action GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts,GetObjectTagging,PutObjectTagging,DeleteObjectTagging,GetBucketLocation,GetBucketVersioning,PutBucketVersioning,ListBucketVersions,GetBucketPolicy,PutBucketPolicy,DeleteBucketPolicy,PutLifecycleConfiguration,GetLifecycleConfiguration&nbsp; -principal ITA/GROUP_TSA_DP<BR />&nbsp; (vserver object-store-server bucket policy statement create)</P><P>&nbsp;</P><P>Error: Specified user name or group name "ITA/GROUP_TSA_DP" is not valid. Valid characters for a user<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; name or group name are 0-9, A-Z, a-z, "_", "+", "=", ",", ".", "@", and "-". Valid syntax for an S3 group is<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "group/&lt;group-name&gt;". Valid syntax for a NAS group is "nasgroup/&lt;group-name&gt;".<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "ITA/GROUP_TSA_DP" is an invalid value for field "-principal &lt;Object Store Principal&gt;", ...</P><P>&nbsp;</P><P>Thanks&nbsp;</P><P>KP Karthik&nbsp;</P><P><SPAN>&nbsp;</SPAN></P> Thu, 30 Oct 2025 00:56:35 GMT KPKarthik1 2025-10-30T00:56:35Z ONTAP S3 Access 9.15.1P15 with AD Group https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-S3-Access-9-15-1P15-with-AD-Group/m-p/463945#M45203 <P>I have created object-store-server on a Scaleout cluster ( Ontap 9.15.1P15). i created Buckets and can able to access with local user. Required help on AD group&nbsp; &nbsp;integration for the Bucket. Do we require LDAP integration for the Object_store_SVM?</P><P>Not able to access TR 4814 in NetApp site and is unavailable&nbsp;</P><P>&nbsp;</P><P>when i try to add the ad group iam getting the bellow error</P><P>&nbsp;</P><P>TestCluster::*&gt; object-store-server bucket policy statement create -vserver testsvm -bucket adbucket -effect allow -action GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts,GetObjectTagging,PutObjectTagging,DeleteObjectTagging,GetBucketLocation,GetBucketVersioning,PutBucketVersioning,ListBucketVersions,GetBucketPolicy,PutBucketPolicy,DeleteBucketPolicy,PutLifecycleConfiguration,GetLifecycleConfiguration&nbsp; -principal ITA/GROUP_TSA_DP<BR />&nbsp; (vserver object-store-server bucket policy statement create)</P><P>&nbsp;</P><P>Error: Specified user name or group name "ITA/GROUP_TSA_DP" is not valid. Valid characters for a user<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; name or group name are 0-9, A-Z, a-z, "_", "+", "=", ",", ".", "@", and "-". Valid syntax for an S3 group is<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "group/&lt;group-name&gt;". Valid syntax for a NAS group is "nasgroup/&lt;group-name&gt;".<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "ITA/GROUP_TSA_DP" is an invalid value for field "-principal &lt;Object Store Principal&gt;", ...</P><P>&nbsp;</P><P>Thanks&nbsp;</P><P>KP Karthik&nbsp;</P><P><SPAN>&nbsp;</SPAN></P> Thu, 30 Oct 2025 00:56:35 GMT https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-S3-Access-9-15-1P15-with-AD-Group/m-p/463945#M45203 KPKarthik1 2025-10-30T00:56:35Z Re: ONTAP S3 Access 9.15.1P15 with AD Group https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-S3-Access-9-15-1P15-with-AD-Group/m-p/464326#M45212 <P>I added Ldap access to vserver and added domain users for the Object store vserver</P><P>used bellow NetApp document</P><P><A href="https://docs.netapp.com/us-en/ontap/s3-config/generate-access-keys-api.html#configure-users-for-access-key-generation" target="_blank">https://docs.netapp.com/us-en/ontap/s3-config/generate-access-keys-api.html#configure-users-for-access-key-generation</A></P> Wed, 12 Nov 2025 13:06:35 GMT https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-S3-Access-9-15-1P15-with-AD-Group/m-p/464326#M45212 KPKarthik1 2025-11-12T13:06:35Z