vserver group-mapping insert

Create a group mapping at a specified position

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver group-mapping insert command creates a group mapping at a specified position in the priority list. The command rearranges the list as needed to accommodate the new entry. For instance, if you have a priority list of five mappings and insert a new mapping at position 3, the mapping previously at position 3 is moved to position 4, the mapping previously at position 4 is moved to position 5, and the mapping previously at position 5 is moved to position 6. Each mapping direction (Kerberos-to-UNIX, Windows-to-UNIX, and UNIX-to-Windows) has its own priority list.

You can specify patterns as POSIX regular expressions. For information about regular expressions, see the UNIX reference page for regex(7).

Each Vserver can have up to 1024 group mappings in each direction.

The vserver group-mapping insert command is not supported on Vservers with FlexVol volumes.

Note: If you are using the CLI, you must delimit all regular expressions with double quotation marks ("). For instance, to enter the regular expression (.+) in the CLI, type "(.+)" at the command prompt. To add a "?" to the expression, press ESC followed by the "?".

Parameters

-vserver <vserver name> - Vserver
This parameter specifies the Vserver on which you want to create the group mapping.
-direction {krb-unix|win-unix|unix-win} - Name Mapping Direction
This parameter specifies the direction of the group mapping. Possible values are krb-unix for a Kerberos-to-UNIX group mapping, win-unix for a Windows-to-UNIX group mapping, and unix-win for a UNIX-to-Windows group mapping.
-position <integer> - Position
This parameter specifies the position in the priority list at which you want to insert the new group mapping. Specify a position as a positive integer.
-pattern <text> - Pattern
This parameter specifies the pattern you want to match. Refer to the command description section for details. The pattern can be up to 256 characters in length.
-replacement <text> - Replacement
This parameter specifies the replacement pattern. The replacement pattern can be up to 256 characters in length.

Examples

The following example creates a group mapping on a Vserver named vs1. It is a group mapping from Kerberos to UNIX. It is inserted into the priority list at position 2. The group mapping maps any principal in the Kerberos realm SEC.EXAMPLE.COM to the UNIX group name corresponding to the principal's base name with any instance names removed; for example, artists/admin@SEC.EXAMPLE.COM is mapped to artists.
cluster1::> vserver group-mapping insert -vserver vs1 -direction krb-unix -position 2 -pattern "([^@/]+)(/[^@]+)?@SEC.EXAMPLE.COM" -replacement "\1"