Creating an AD Domain

This section is applicable only when you need to access the object service as an AD domain user.

Context

Domain users are defined in the AD domain database. If a domain user needs to access the object service and perform object service operations, you need to interconnect the domain where the domain user resides with the object service and bind the domain user to an account of the object service. After a domain user is added to the object service, the user can use its user name and password as credentials to access the object service.

A domain user that has been added to the object service and bound to an account is equivalent to an account in the object service. The domain user can perform operations, such as creating buckets and uploading and downloading objects.

In scenarios where user authentication information is stored in an AD domain and users want to access the object service as such AD domain users, an AD domain needs to be created for the object service and domain users need to be added to the AD domain. For example, in check image, file sharing, and media asset library scenarios, original user data is stored in a NAS storage system. If you want to replace the original NAS storage system with the object service and want the object service to adapt to the user authentication mode in the original NAS storage system, you can create an AD domain for the object service and add domain users to the AD domain.

Prerequisites

You have installed and configured an AD domain server and obtained the server IP address.

Procedure

  1. Choose Services > Object Service > AD Domain.
  2. Click Create.

    The Create AD Domain page is displayed on the right.

  3. Set parameters for the AD domain authentication server. Table 1 describes related parameters.

    Table 1 AD domain authentication server parameters

    Parameter

    Description

    Domain ID

    Specify a domain ID, which is used to identify the AD domain.

    [Value range]

    • The ID contains 3 to 32 characters.
    • The ID can contain only letters, digits, at signs (@), periods (.), underscores (_), and hyphens (-).

    Active Server Address

    Indicates the IP address of the active AD domain server.

    Standby IP Address 1

    Indicates the IP address of standby AD domain server 1.

    Standby IP Address 2

    Indicates the IP address of standby AD domain server 2.

    Protocol

    Indicates the protocol used by the object service to communicate with the domain server.

    • LDAP: uses the standard LDAP protocol to communicate with the domain server.

      When the LDAP protocol is used, the network communication between the object service and domain server is not encrypted, which may cause security risks. Therefore, LDAPS is recommended.

    • LDAPS: uses the LDAP over SSL (LDAPS) protocol to communicate with the LDAP server. The LDAPS protocol improves network communication security. If the domain server supports the LDAPS protocol, you are advised to select LDAPS.

    Port

    Indicates the port number used for communication between the object service and domain server.

    • When Protocol is set to LDAP, the default port number is 389.
    • When Protocol is set to LDAPS, the default port number is 636.

    Base DN

    Indicates the root directory of the domain server, that is, the starting DN from which the domain server searches. After the value is configured, all users under the base DN can be added to the object service.

    Each entry stored in the AD domain directory database has a unique identifier that identifies the object and its location in the directory tree. This identifier is called the distinguished name (DN). The top of the directory tree is the root directory, that is, the base DN.

    A DN consists of three attributes: cn, ou, and dc. For example, cn=Common name,ou=Organization unit,dc=example,dc=com identifies a user in an AD domain, and dc=example,dc=com is the base DN.

    [Example]

    dc=example,dc=com

  4. Click OK.
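As an added example (not part of this documentation or the product's own code), the following Python checks a set of Table 1 values before they are entered on the Create AD Domain page: it enforces the Domain ID rules, flags LDAP as the unencrypted choice, applies the default port for the selected protocol, and derives the base DN from a full user DN. The AdDomainConfig class and the server address 192.0.2.10 are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

DOMAIN_ID_RE = re.compile(r"^[A-Za-z0-9@._-]{3,32}$")  # Table 1: 3-32 chars, letters/digits/@ . _ -
DEFAULT_PORTS = {"LDAP": 389, "LDAPS": 636}           # defaults listed under "Port"

@dataclass
class AdDomainConfig:  # assumed structure mirroring the Table 1 fields
    domain_id: str
    active_server: str          # IP address of the active AD domain server
    protocol: str               # "LDAP" or "LDAPS"
    base_dn: str
    port: Optional[int] = None  # None means "use the protocol default"

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN such as cn=Alice,ou=Users,dc=example,dc=com into (type, value) RDNs."""
    rdns = []
    for rdn in dn.split(","):
        if "=" not in rdn:  # catches a stray leading/trailing comma or an empty RDN
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        attr, value = rdn.split("=", 1)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def base_dn_of(dn: str) -> str:
    """Return the dc=... suffix of a user DN, i.e. the value the Base DN field expects."""
    dc_parts = [f"dc={value}" for attr, value in parse_dn(dn) if attr == "dc"]
    if not dc_parts:
        raise ValueError("DN has no dc components")
    return ",".join(dc_parts)

def effective_port(cfg: AdDomainConfig) -> int:  # explicit port, else the protocol default
    return cfg.port if cfg.port is not None else DEFAULT_PORTS[cfg.protocol]

def validate(cfg: AdDomainConfig) -> List[str]:
    """Check a config against the Table 1 rules; an empty list means it passes cleanly."""
    findings = []
    if not DOMAIN_ID_RE.match(cfg.domain_id):
        findings.append("Domain ID must be 3-32 chars of letters, digits, @ . _ -")
    if cfg.protocol not in DEFAULT_PORTS:
        findings.append("Protocol must be LDAP or LDAPS")
    elif cfg.protocol == "LDAP":
        findings.append("WARNING: LDAP traffic to the domain server is unencrypted; prefer LDAPS")
    try:
        parse_dn(cfg.base_dn)
    except ValueError as exc:
        findings.append(f"Base DN invalid: {exc}")
    return findings
```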

Follow-up Procedure

After the AD domain is created, bind each domain user in the AD domain to an account in the object service by referring to Creating an Account. Then, the domain users can access the object service.