After installing ES and ADAM, and creating your ADAM application partition (unless you are using AD), you will need to define the LDAP object classes and containers (the schema) that will hold ES data. That data includes:
- The users who are authorized to sign on to MSS and/or MFDS.
- User attributes such as display name, timeout, and account expiration. One important attribute is the password verifier, which is used to check the user's password at sign-on. The verifier is a salted cryptographic hash of the password, and cannot be "decrypted" to recover the password.
- User groups. Permissions can be assigned to groups rather than individual users, for administrative convenience and to provide role-based security.
- Resource access definitions. ES groups resources into classes, and within each class you can specify access rules for individual resources, or for multiple resources using wildcards. Resource access rules themselves are Access Control Lists that set the access level for a single user, a user group, or any users or groups that match a string with wildcard characters.
- LDAP users. ES itself needs to sign on to the LDAP server (ADAM or AD) with at least read access to the repository, so the setup process creates a user account in the LDAP server named "MFReader" with read-only access. Also, the setup process needs administrative access to the repository, so it creates an administrative account (for ADAM only; for AD, you have to specify an existing administrative account).
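The sign-on check and the resource access rules described in the list above (the salted password verifier, and the class/wildcard/ACL structure that resolves a user's access level) can be seen working in the following added Python example. It is not Micro Focus code and does not read an LDAP repository; it models the data in plain dictionaries. The hash algorithm (PBKDF2-HMAC-SHA256), the access-level names, the rule tuple layout, the most-specific-rule tie-break, and all sample users, groups, passwords and rules are assumptions constructed for the example.

```python
import fnmatch
import hashlib
import hmac
import os
from typing import Optional

# Ordered access levels. The names are constructed for this example, not
# necessarily the ones ES uses; only the ordering matters here.
ACCESS_LEVELS = ("none", "read", "update", "alter")


def make_verifier(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> dict:
    """Build a salted password verifier (PBKDF2-HMAC-SHA256, an assumed algorithm).
    Only salt + digest are kept; the plaintext cannot be recovered from them."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def check_password(verifier: dict, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 verifier["salt"], verifier["iterations"])
    return hmac.compare_digest(digest, verifier["digest"])


def sign_on(repo: dict, name: str, password: str) -> bool:
    """Sign-on: the account must exist, must not be expired, and the supplied
    password must match its verifier."""
    user = repo["users"].get(name)
    if user is None or user["expired"]:
        return False
    return check_password(user["verifier"], password)


def _literal_chars(pattern: str) -> int:
    """Specificity measure: pattern characters that are not '*' or '?' wildcards."""
    return sum(1 for c in pattern if c not in "*?")


def authorize(repo: dict, name: str, res_class: str, resource: str) -> str:
    """Resolve one user's access level on one resource within a class.

    A rule is (class, resource pattern, subject pattern, level); the subject
    pattern is matched against the user name and each of the user's groups.
    The most specific matching rule wins (resource pattern first, then subject,
    then the higher level); a resource with no matching rule resolves to 'none'.
    This tie-break is an assumption for the example, not ES's documented rule."""
    user = repo["users"].get(name)
    if user is None:
        return "none"
    subjects = [name] + list(user["groups"])
    best = None
    for rule_class, res_pat, subj_pat, level in repo["rules"]:
        if rule_class != res_class or not fnmatch.fnmatchcase(resource, res_pat):
            continue
        if not any(fnmatch.fnmatchcase(s, subj_pat) for s in subjects):
            continue
        key = (_literal_chars(res_pat), _literal_chars(subj_pat), ACCESS_LEVELS.index(level))
        if best is None or key > best[0]:
            best = (key, level)
    return best[1] if best else "none"


def build_sample_repo() -> dict:
    """Constructed sample data standing in for a populated security repository."""
    return {
        "users": {
            "mfuser": {"verifier": make_verifier("s3cret"), "groups": ["OPERATORS"], "expired": False},
            "auditor": {"verifier": make_verifier("audit!"), "groups": [], "expired": False},
            "olduser": {"verifier": make_verifier("gone"), "groups": ["OPERATORS"], "expired": True},
        },
        "rules": [
            ("DATASET", "PROD.*", "*", "none"),              # default deny on PROD.* datasets
            ("DATASET", "PROD.*", "OPERATORS", "read"),      # group-level grant
            ("DATASET", "PROD.PAYROLL", "auditor", "read"),  # single-user grant on one resource
            ("DATASET", "PROD.PAYROLL", "mfuser", "update"),
            ("TRANSACTION", "*", "*", "update"),
        ],
    }


if __name__ == "__main__":
    repo = build_sample_repo()
    print("sign_on mfuser:", sign_on(repo, "mfuser", "s3cret"))
    print("mfuser on PROD.SALES:", authorize(repo, "mfuser", "DATASET", "PROD.SALES"))
```

Note that the expired account fails sign-on even with the correct password, and that a user outside the `OPERATORS` group falls through to the wildcard `none` rule on `PROD.*` datasets unless a more specific rule names them.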
After the LDAP schema is created, it needs to be populated with the ES users, groups, and resources from the default configuration, plus any additional MSS users and MFDS users and groups you may have created.
Micro Focus supplies a command script, es-ldap-setup.cmd, which will perform these steps for you. This script is provided as a sample, and may need to be modified for your installation, particularly if you are using the full Active Directory (rather than ADAM) as your LDAP server for Enterprise Server.