Home > Storage > PowerScale (Isilon) > Product Documentation > Management and Migration > PowerScale OneFS User Mapping: Mapping Identities Across Authentication Providers > Getting the primary group from LDAP
By default, the user mapping service combines information from AD and LDAP but gives precedence to the information from AD. Mapping rules, however, can control how OneFS combines the information. You can, for example, retrieve the primary group information from LDAP instead of AD. The following mapping rule inserts the primary group information from LDAP into a user’s access token:
*\* += * [group]
The following rule appends the other information from LDAP to a user’s access token:
*\* ++ * [user,groups]