Domain and local users

ECS supports local users and domain users. Both local and domain users can be assigned as management users or object users.

The ECS self-service capability authenticates domain users and allows domain users to create a secret key for themselves. When a domain user creates their own secret key, they become an object user in the ECS system. You can use AD and LDAP to give a large number of users from an existing user database access to the ECS object store (as object users), without creating each user individually.

Domain users that are object users must be added (mapped) into a namespace. For more information, see Add domain users into a namespace.

Local user credentials are stored by ECS. The credentials for object users are global resources and are available from all VDCs in ECS.

Domain users are defined in an Active Directory (AD) or LDAP database. Domain usernames use the user@domain.com format. Usernames without @ are authenticated against the local user database. To authenticate a domain user login request, ECS uses an authentication provider, which supplies the credentials ECS needs to communicate with the AD or LDAP server. Domain users assigned to management roles can be authenticated against their AD or LDAP credentials, which allows them to access ECS and perform ECS administration operations.