Enterprise Server implements access control (including user authentication and authorization and resource access control) using an architecture in which security requests are relayed to External Security Managers (ESMs). At the core of this architecture is a security layer, referred to as the External Security Facility (ESF).
Components that submit security requests are referred to as security consumers. A consumer makes its request to the ESF, which passes the request to the relevant ESMs and returns the response to the consumer.
An ESM can be entirely independent of Enterprise Server. It could be a database, a directory, an operating system mechanism or something else. You enable the ESF to talk to ESMs by providing plugin modules, referred to as ESM modules.
The ESF is present in both Enterprise Server and Directory Server, and it provides an API which they use to perform security checks. It is also responsible for loading and invoking ESM Modules, managing a cache of security query results, and maintaining configuration information for ESM Modules and itself.
Full details of the architecture and the associated APIs are supplied in the documentation listed below.