NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

ONTAP S3 Access 9.15.1P15 with AD Group

KPKarthik1
881 Views

I have created object-store-server on a Scaleout cluster ( Ontap 9.15.1P15). i created Buckets and can able to access with local user. Required help on AD group   integration for the Bucket. Do we require LDAP integration for the Object_store_SVM?

Not able to access TR 4814 in NetApp site and is unavailable 

 

when i try to add the ad group iam getting the bellow error

 

TestCluster::*> object-store-server bucket policy statement create -vserver testsvm -bucket adbucket -effect allow -action GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts,GetObjectTagging,PutObjectTagging,DeleteObjectTagging,GetBucketLocation,GetBucketVersioning,PutBucketVersioning,ListBucketVersions,GetBucketPolicy,PutBucketPolicy,DeleteBucketPolicy,PutLifecycleConfiguration,GetLifecycleConfiguration  -principal ITA/GROUP_TSA_DP
  (vserver object-store-server bucket policy statement create)

 

Error: Specified user name or group name "ITA/GROUP_TSA_DP" is not valid. Valid characters for a user
       name or group name are 0-9, A-Z, a-z, "_", "+", "=", ",", ".", "@", and "-". Valid syntax for an S3 group is
       "group/<group-name>". Valid syntax for a NAS group is "nasgroup/<group-name>".
       "ITA/GROUP_TSA_DP" is an invalid value for field "-principal <Object Store Principal>", ...

 

Thanks 

KP Karthik 

 

1 REPLY 1

KPKarthik1
702 Views

I added Ldap access to vserver and added domain users for the Object store vserver

used bellow NetApp document

https://docs.netapp.com/us-en/ontap/s3-config/generate-access-keys-api.html#configure-users-for-access-key-generation

Public