Identity management modes for unified file and object access
The following section gives information about the two identity management modes for unified file and object access: local mode and unified mode. This section also describes how to configure these modes for a system.
Unified file and object access comprises the following two modes:
- local_mode: Non-unified identity between object and file (Default mode)
- unified_mode: Unified identity between object and file
The mode is represented by the id_mgmt configuration parameter in the object-server-sof.conf file:
id_mgmt = local_mode | unified_mode
You can change this parameter by using the mmobj config change command. For more information, see Configuring authentication and setting identity management modes for unified file and object access.
If you are upgrading from IBM Spectrum Scale™ 4.1.1, id_mgmt = local_mode is the default setting.
Only one mode can be effective at a given time and it needs to be configured by the administrator for the entire system. id_mgmt = local_mode is the default setting.
If you plan to use unified_mode, the authentication mechanism for file and object must be the same. If you set id_mgmt to unified_mode and the file authentication and object authentication are not common, then the ID resolution of the users will either not work or it will be incorrect. This will lead to either object not being created with 503 error* return code or object being created with improper user ID. Therefore, it is very important that the administrators ensure that a common authentication with appropriate ID mapping is configured for file and object.
* If you are using swift client, instead of 503, you might get an error similar to the following:
'put_object('container_name', 'object_name', ..) failure and no ability to reset contents for reupload.'