Use the following procedure to configure identity mapping.
Before You Begin
Ensure that you are joined to at least one Active Directory domain.
hostname:configuration services idmap> get <status> = online ad_unixuser_attr = ad_unixgroup_attr = nldap_winname_attr = directory_based_mapping = none The three *_attr properties correspond to the three fields on C>S>Identity Mapping>Properties.
hostname:configuration services idmap> set directory_based_mapping=none hostname:configuration services idmap>
ad_unixuser_attr - Name in the Active Directory database of the equivalent UNIX user name
ad_unixgroup_attr - Name in the Active Directory database of the equivalent UNIX group name
nldap_winname_attr - Name in the LDAP database of the equivalent Windows identity
hostname:configuration services idmap> set directory_based_mapping=name hostname:configuration services idmap> set ad_unixuser_attr=demo_unixuser hostname:configuration services idmap> set ad_unixgroup_attr=demo_group hostname:configuration services idmap> set nldap_winname_attr=demo_winuser
hostname:configuration services idmap> set directory_based_mapping=idmu hostname:configuration services idmap>
For information on the different mapping modes, see Identity Mapping Concepts.
To create an "allow" or "deny" mapping rule, see Creating a Mapping Rule (CLI).