Home > Storage > PowerScale (Isilon) > Product Documentation > Management and Migration > PowerScale OneFS User Mapping: Mapping Identities Across Authentication Providers > Creating a mapping rule from the CLI
Here is an example of how to add a mapping rule to a zone by using the CLI on OneFS 7.0 or later. First, consider the following token for a user from Active Directory:
isi auth mapping token YORK\\user_9440
User
Name: YORK\user_9440
UID: 1000201
SID: S-1-5-21-1195855716-1269722693-1240286574-11547
ZID: 1
Zone: System
Privileges: -
Primary Group
Name: YORK\domain users
GID: 1000000
SID: S-1-5-21-1195855716-1269722693-1240286574-513
Supplemental Identities
Name: Users
GID: 1545
SID: S-1-5-32-545
The following command creates a rule in the default access zone that merges the YORK\user_9440 from AD with a user from LDAP named lduser_010:
isi zone zones modify System --add-user-mapping-rules "YORK\user_9440 &= lduser_010"
You can run the following command to see the rule:
isi zone zones view System
Name: System
Cache Size: 4.77M
Map Untrusted:
SMB Shares: -
Auth Providers: -
Local Provider: Yes
NetBIOS Name:
All SMB Shares: Yes
All Auth Providers: Yes
User Mapping Rules: YORK\user_9440 &= lduser_010
Home Directory Umask: 0077
Skeleton Directory: /usr/share/skel
Zone ID: 1
And then you can check the token again to see the changes:
isi auth mapping token YORK\\user_9440
User
Name: YORK\user_9440
UID: 1000201
SID: S-1-5-21-1195855716-1269722693-1240286574-11547
ZID: 1
Zone: System
Privileges: -
Primary Group
Name: YORK\domain users
GID: 1000000
SID: S-1-5-21-1195855716-1269722693-1240286574-513
Supplemental Identities
Name: Users
GID: 1545
SID: S-1-5-32-545
Name: lduser_010
UID: 10010
SID: S-1-22-1-10010
Name: example
GID: 10000
SID: S-1-22-2-10000
Name: ldgroup_20user
GID: 10026
SID: S-1-22-2-10026