Configure ES Security

Restriction: This topic applies only when the Enterprise Server feature is enabled.

To use the ES security information in LDAP, you will need to configure ES security in ESCWA:

  1. In the menu bar, click Security.

    This opens the Defined External Security Managers page.

  2. Click + Add.

    This opens the External Security Manager Configuration dialog box.

  3. In the Name field, type a descriptive name.
  4. In the Module field, type mldap_esm.
  5. In the Connection Path field, type the connection path and port number to your LDAP server.
    Note: ldap://servername or ldaps://servername to use an SSL-secured connection, if your LDAP client and server support SSL.
  6. In the Authorized ID and Password fields, type the credentials that the MLDAP ESM module requires to connect.

    The user should have read, write, and modify access to the Enterprise Server user, group, and resource objects in the LDAP repository.

    Note: You can use the Micro Focus Vault Facility to store a secret for the Authorized ID and Password fields. These fields can be specified using the forms:
    mfsecret:configuration-name:secret-path

    or:

    mfsecret::secret-path

    or:

    mfsecret:secret-path
  7. In the Description field, type a description.
  8. In the Configuration Information field, you can add a number of directives to alter the default behavior. Configure this for your particular LDAP repository requirements. A typical configuration might be:
    [LDAP]
    base=CN=Micro Focus,CN=Program Data,DC=somecorp,DC=com
    user container=CN=user-container
    group container=CN=group-container
    resource container=CN=resource-container
    [Verify]
    Mode=MF-hash
  9. In the Cache limit field, sets the size of the LDAP search-result cache.
  10. In the Cache TTL field, parameter sets the lifetime of entries in the LDAP search-result cache.
  11. Click Save.
  12. Alter the security configuration for MF Directory Server, ES Default Security, and/or specific ES servers to use your new Security Manager.

See MLDAP ESM Module for information on configuring the module to match your AD setup.