To Update Security Manager Changes Using esfupdate

If you are using an External Security Manager (ESM) and changes are made to the security information, such as adding a user or changing group membership, there are two ways in which you can notify Enterprise Server so that it uses the updated information:

The Enterprise Server Common Web Administration (ESCWA) interface.
The esfupdate utility

This topic describes the steps required to use the esfupdate utility.

The syntax of the esfupdate utility is as follows:

esfupdate [options] update-type [entity-name]

Options

The following lists the available options, actions, and their description:

Option	Action	Description
-a	`action`	The update action to perform can be one of the following: add delete modify other The default value is modify.
-u	`user`	The username or secret location for binding to Directory Server.
-p	`password`	The password or secret location for binding to Directory Server.
-m	`host[:port]`	The location of Directory Server. The default location is localhost:86.
-r	`server`	The name of the server(s) to update. This can include wildcards.
-M		Updates the Directory Server.
-v		Displays version information and exits.
-h		Displays syntax information and exits.

update-type: One of user, group, resource, users, groups, resources, or all.
entity-name: Must be supplied if update-type is user, group, or resource. Otherwise omitted.
If the update-type is user, and you are using name mapping, you can supply the short name (Enterprise Server userid) of the user to be updated. With the MLDAP ESM Module version 2.5.27 (for Enterprise Server 5.0), 2.7.9 (for Enterprise Server 7.0), or 2.8.0 or later, you can also use the long name (ESM username).

Comments

If user and password are not supplied, esfupdate attempts to bind to Directory Server anonymously.

If user is supplied but not the password, you will be prompted for it.

If neither -M nor -r are specified, update notifications are sent to Directory Server and all running servers.

The example below notifies the Directory Server and any running Enterprise Server that the user SAFU has been modified. This could mean that its Mainframe Subsystem Support user attributes (such as user priority) have been changed, or that it has been added to (or removed from) a group. It will bind to Directory Server as the SYSAD user:

esfupdate -u CN=SYSAD -p SYSAD user SAFU

The following example uses the Micro Focus Vault Facility to obtain a secret:

esfupdate -u mfsecret:admin/username -p mfsecret:admin/password all