Previous Topic Next topic Print topic


Configuring External Security Facility (ESF) from the Command Line

Restriction: This topic applies only when the Enterprise Server feature is enabled.

esfadmin is a command-line utility that calls the ESF Admin API to request administrative actions against ESMs. It is a part of Visual COBOL and COBOL Server, and can be found in the $COBDIR\bin and \bin64 directories.

One advantage of esfadmin is that it can be used to perform batch updates to an ESM, typically as part of a script. Another is that you supply all its configuration information on the command line, so you do not have to configure your MLDAP security manager in MFDS with an LDAP administrative user ID.

The ESF administration facility makes some security checks before it attempts to process an administration request:

  1. It requires the user be successfully signed into ESF. This requirement can be disabled for LIST commands using the allow-list configuration option.
  2. The MLDAP ESM Module checks to see if the user has execute permission for a resource with the same name as the command (for example ADDUSER) under the class AdminAPI. See the complete list of esfadmin sub-commands in the section esfadmin Sub-commands. This class is optional, and if there is no applicable rule, access is allowed.
Previous Topic Next topic Print topic