Creating rules in a text file
With the command-line interface, you can add mapping rules from a text file. Creating your mapping rules in a text file simplifies management and makes it much easier to add many rules to an access zone. The text file can include comments, usernames, wildcards, operators, and options.
You must encode a text file with user mapping rules in UTF-8. The file can contain comments set off by a number sign; a comment continues only to the end of the line. If you leave the file empty, OneFS resolves users without mapping them.
You create rules in the text file by using the same syntax as the rules that you set with the command-line interface, except for the parameter for the default UNIX user:
username1 operator username2 [options]
In a text file, you set a parameter by enclosing it in angle brackets and placing it on a separate line. The formatting of a default UNIX user that appears in the rule is the same as that for a username. For example:
<default_unix_user=guest>
Here is an example of how to create a set of user mapping rules in a text file and load the file into OneFS. The example text file contains comments that describe the rules. For this example, assume that the cluster is joined to an Active Directory domain named IT.
#Turn administrator accounts from all Active Directory domains into nobody:
*\Administrator => nobody
#Rename user johnd to jdoe from all domains but retain the original domain:
*\johnd => *\jdoe
#Join AD users and local users with the same username:
IT\* &= *
#Append the supplemental groups from IT\userx to every UNIX account:
* ++ IT\userx [groups]
Remove the comments and load the rules by running the following command. The command assumes that you first added a text file with the rules to the tmp directory and that you want to add the rules to the access zone named System. You must also run this command with the quotation marks—double, single, and especially the grave accent (`)—set in exactly the same way as the following command:
isi zone zones modify System --user-mapping-rules="`grep -v '#' /tmp/rules.txt`"
Finally, you can view the rules to verify that OneFS loaded them:
isi zone zones view System
Name: System
Cache Size: 4.77M
Map Untrusted:
SMB Shares: -
Auth Providers: -
Local Provider: Yes
NetBIOS Name: All
SMB Shares: Yes
All Auth Providers: Yes
User Mapping Rules: *\Administrator => nobody
*\johnd => *\jdoe IT\* &= *
* ++ IT\userx [groups]
Home Directory Umask: 0077
Skeleton Directory: /usr/share/skel
Zone ID: 1
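The following preflight check is an added example, not part of the original documentation. It can be run on the rules file before the load step above: it confirms that the file is valid UTF-8 and flags any rule that shares a line with a comment, because grep -v '#' removes the entire line and that rule would silently never be loaded. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: preflight for a OneFS user-mapping rules file.
# Function names are hypothetical; the sample rules are constructed.

# Succeeds only if the file is valid UTF-8, the encoding OneFS requires.
is_utf8() {
    iconv -f UTF-8 -t UTF-8 "$1" >/dev/null 2>&1
}

# Rules that share a line with a comment. grep -v '#' deletes the whole
# line, so such a rule would silently never reach OneFS.
dropped_rules() {
    grep -n '#' "$1" | grep -v '^[0-9]*:[[:space:]]*#' || true
}

# What the grep -v '#' pipeline would load (blank lines omitted here).
effective_rules() {
    grep -v '#' "$1" | grep -v '^[[:space:]]*$' || true
}

# Prints the effective rules on success; returns 1 if the file is unsafe.
preflight() {
    is_utf8 "$1" || { echo "FAIL: $1 is not valid UTF-8" >&2; return 1; }
    lost=$(dropped_rules "$1")
    if [ -n "$lost" ]; then
        echo "FAIL: these rules would be dropped with their comments:" >&2
        printf '%s\n' "$lost" >&2
        return 1
    fi
    [ -n "$(effective_rules "$1")" ] ||
        echo "WARN: no rules left; OneFS resolves users unmapped" >&2
    effective_rules "$1"
}

# Constructed sample: the Administrator rule carries a trailing comment.
sample=$(mktemp)
cat >"$sample" <<'EOF'
#Join AD users and local users with the same username:
IT\* &= *
*\Administrator => nobody   # squash admins
EOF
preflight "$sample" || echo "rejected: fix $sample before loading"
rm -f "$sample"
```

On the constructed sample the check rejects the file and reports line 3, the Administrator rule that would otherwise be missing from the zone after loading.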