Integrating ES External Security and Active Directory
Many ES/MSS users are interested in using Microsoft Active Directory (AD) as an ESM. The simplest way to use AD with ES is to treat it as just an LDAP directory. MSS user account information is stored as microfocus-MFDS-User objects in the directory, and user group and resource access control rules are also stored as objects defined by the Micro Focus schema. MFDS and ES are configured to use the "MLDAP" ESM module, which processes Verify and Auth requests by retrieving the appropriate records from AD and comparing them with the request data. For example, during a user sign-on request, the password is compared against the password hash stored in the microfocus-MFDS-User-Pwd attribute of that user's microfocus-MFDS-User object. This configuration is relatively easy to set up and use; for example, the MLDAP ESM defaults can usually be used. (For more information see the Initial Setup of Enterprise Server Security with Microsoft Active Directory.)

However, customers often want tighter integration between ES and AD. In particular, many customers find it more useful to use their existing Windows user definitions in AD as ES/MSS users.