Many customers use local ECS authentication for management users. The management users then define all object users, generally one per application. For customers that leverage AD and/or LDAP, groups or users are assigned to management roles, as opposed to local user accounts. Some things to note when using authentication providers include:
- Active Directory (AD) - An AD domain group can only be the namespace admin for one namespace. Generally, storage administrators create an AD group for each namespace and assigned AD users to that group. Namespace users can use the Web UI and only see things pertaining to their namespace.
- Lightweight Directory Access Protocol (LDAP) - LDAP users can be administrative users in ECS. LDAP groups are not used in ECS.
- Local - Local management users are not replicated between sites.