OS ESM only supports the Verify operation (user sign-on). It does not do any resource access control (the Auth and XAuth operations), so if you want to control access to resources for signed-on users, you will need to configure another ESM Module for that purpose.
This is called stacking ESM Modules. For each ESF request, the modules are called in turn until one of them handles the request. If you stack the OS ESM module first and another ESM Module, such as the MLDAP ESM Module, after it, then Verify (sign-on) requests will be handled by OS ESM. But since OS ESM doesn't handle Auth (resource access) requests, those will go through to the second ESM Module.
To stack the OS ESM with another ESM Module, use the MFDS administration GUI to update your security configuration. First create two Security Managers, one for each ESM Module, if you don't already have them. Then edit the appropriate security configuration (the Default Enterprise Server Security, the MFDS Security, or the security configuration for a specific Enterprise Server region) and add both of your security managers to it. Make sure the OS ESM security manager is first in the list; if not, use the arrow buttons to change the order of the managers in the list.