Merge Windows and UNIX tokens

You can use either the join or append operator to merge tokens from different directory services into a single OneFS user token.

About this task

When Windows and UNIX user names do not match across directory services, you can write user-mapping rules that use either the join or the append operator to merge two user names into a single token. For example, if a user's Windows username is win_bob and the user's UNIX username is UNIX_bob, you can join or append the user tokens of the two different users.

When you append an account to another account, the append operator adds information from one identity to another: OneFS appends the fields that the options specify from the source identity to the target identity. OneFS appends the identifiers to the additional group list.
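The append behavior described above, as an added example that is not OneFS code or part of the original page: a simplified Python model for previewing which identifiers a merged token gains before you create the rule. The token layout, the option names (user, group, groups), the helper names, and the sample identifiers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

# Simplified model of an access token; not the OneFS token format.
@dataclass(frozen=True)
class Token:
    name: str
    user: str               # primary user identifier
    group: str              # primary group identifier
    additional: tuple = ()  # additional group list

# Assumed option names: which fields of the source an append rule copies.
FIELDS = {
    "user": lambda t: [t.user],
    "group": lambda t: [t.group],
    "groups": lambda t: list(t.additional),
}

def append_fields(target, source, options):
    """Return target with the selected source fields appended.

    Appended identifiers land in the additional group list; the
    target's primary user and primary group are left unchanged.
    """
    unknown = set(options) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown option(s): {sorted(unknown)}")
    merged = list(target.additional)
    for opt in ("user", "group", "groups"):  # fixed order, stable output
        if opt in options:
            for ident in FIELDS[opt](source):
                if ident not in merged:      # do not duplicate identifiers
                    merged.append(ident)
    return replace(target, additional=tuple(merged))

def gained(before, after):
    """Identifiers the merged token carries that the original did not."""
    return [i for i in after.additional if i not in before.additional]

# Constructed sample identities for the win_bob / UNIX_bob case.
win_bob = Token("win_bob", "SID:S-1-5-21-1-1001", "SID:S-1-5-21-1-513",
                ("SID:S-1-5-21-1-2001",))
unix_bob = Token("UNIX_bob", "UID:2001", "GID:2001", ("GID:3000", "GID:3001"))

if __name__ == "__main__":
    merged = append_fields(win_bob, unix_bob, {"user", "groups"})
    print(gained(win_bob, merged))
```

Every identifier in the gained list is additional access the merged token can exercise, so review that list against what the Windows account is meant to reach.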

Procedure

  1. Click Access > Membership & Roles > User Mapping.
  2. Select the Current Access Zone that contains the rules you want to manage, and then click Edit User Mapping Rules.
    The Edit User Mapping Rules dialog box appears.
  3. Click Create a User Mapping Rule.
    The Create a User Mapping Rule dialog box appears.
  4. From the Operation list, select an option:
    Join two users together: Inserts the new identity into the token.
    Append field from a user: Modifies the access token by adding fields to it.
    Depending on your selection, the Create a User Mapping Rule dialog box refreshes to display additional fields.
  5. Populate the fields as needed.
  6. Click Add Rule.
    Note: Rules are called in the order they are listed. To ensure that each rule gets processed, list replacements first and allow/deny rules last. You can change the order in which a rule is listed by clicking its title bar and dragging it to a new position.

  7. Click Save Changes.