LDAP Security Manager

Restriction: This topic applies only when the Enterprise Server feature is enabled.

You will need to create a security manager to get security rules from AD over LDAP, using the MLDAP ESM Module:

  1. Select the Security tab and click Add.
  2. Enter the following information:
    Fieldname Contents
    Name LDAP
    Module Name mldap_esm
    Connection Path The servername
    Authorized ID cn=AD-admin,cn=users,domain-DN, for example:

    cn=administrator,cn=users,DC=dept,DC=mydom,DC=com

    Password AD-password
  3. In the Configuration Information field, type a number of directives to alter the default behavior. Configure this for your particular LDAP repository. A typical configuration based on the sample configuration would be:
    [LDAP]
    base=[domain DN]
    user class=user
    user container=CN=Users
    group container=CN=Enterprise Server User Groups,
      CN=Micro Focus,CN=Program Data
    resource container=CN=Enterprise Server Resources,
      CN=Micro Focus,CN=Program Data
    
    [Verify]
    mode=bind
    password type=AD
  4. Click Add

Note that in a production environment you would not want to use your AD administrative ID for the security manager, since that would create a security risk. It is shown only for convenience here.

In production, you would use an ID that had only the necessary permission for the repository, based on your intended use. (Basic ES security functions only need read access to the user information and the folders under cn=Micro Focus,cn=Program Data. If you want to use MFDS to administer ES groups and resources under LDAP, you have to use an account that also has write permission to the MF program data objects.)