Home > Storage > PowerScale (Isilon) > Product Documentation > Management and Migration > PowerScale OneFS User Mapping: Mapping Identities Across Authentication Providers > Usernames
In a rule, you can specify a user by the name of a UNIX user or by the name of an Active Directory user. To specify an Active Directory user, you must use the DOMAIN\user format, where DOMAIN is the name of an Active Directory domain. In a domain name or a username, you can add a wildcard by using an asterisk (*).
In its most basic form, a rule combines a source username with an operator and a target username in the following format:
sourceUsername operator targetUsername
isi auth mapping token YORK\\user_9440 User
Name: YORK\user_9440
UID : 1000001
SID: S-1-5-21-1195855716-1269722693-1240286574-11547
On Disk: S-1-5-21-1195855716-1269722693-1240286574-11547
ZID: 1
Zone: System
Privileges: -
Primary Group
Name: YORK\domain users
GID: 1000000
SID: S-1-5-21-1195855716-1269722693-1240286574-513
Supplemental Identities
Name: Users
GID: 1545
SID: S-1-5-32-545
An Active Directory user account
A UID that was automatically generated by OneFS
On the contrary, LDAP contains a user named lduser_010 with the following account information:
isi auth mapping token lduser_010
User
Name: lduser_010
UID: 10010
SID: S-1-22-1-10010
On Disk: 10010
ZID: 1
Zone: System
Privileges: -
Primary Group
Name: example
GID: 10000
SID: S-1-22-2-10000
On Disk: 10000
Supplemental Identities
Name: ldgroup_20user
UID: -
GID: 10026
SID: S-1-22-2-10026
A UNIX user account in LDAP named lduser_010
The user’s UID in LDAP
OneFS generated a SID for the account; the SID contains the UID from LDAP
The following rule uses the symbol for the replace operator to replace the Active Directory user with the user from LDAP named lduser_010:
isi zone zones modify System --user-mapping-rules="YORK\\user_9440 => lduser_010"
After setting the rule, you can view it with the following command:
isi zone zones view System
Name: System
Cache Size: 4.77M
Map Untrusted:
SMB Shares: -
Auth Providers: -
Local Provider: Yes
NetBIOS Name: All
SMB Shares: Yes
All Auth Providers: Yes
User Mapping Rules: YORK\user_9440 => lduser_010
Home Directory Umask: 0077
Skeleton Directory: /usr/share/skel
Audit Success: -
Audit Failure: -
Zone ID: 1
The rule changes the access token for the Active Directory user by replacing the identity from Active Directory with the identity from LDAP; it is the same user, but now the identity information comes from LDAP:
isi auth mapping token YORK\\user_9440
User
Name: lduser_010
UID: 10010
SID: S-1-22-1-10010
ZID: 1
Zone: System
Privileges: -
Primary Group
Name: example
GID: 10000
SID: S-1-22-2-10000
Supplemental Identities
Name: ldgroup_20user
GID: 10026
SID: S-1-22-2-10026
A user account from LDAP
The user’s UID from LDAP
The SID generated from the user’s UID in LDAP