Restriction: This topic applies only when the Enterprise Server feature is enabled.
To use the ES security information in LDAP, you will need to configure ES security in ESCWA:
- In the menu bar, click Security. This opens the Defined External Security Managers page.
- Click + Add. This opens the External Security Manager Configuration dialog box.
- In the Name field, type a descriptive name.
- In the Module field, type mldap_esm.
- In the Connection Path field, type the connection path and port number to your LDAP server.
  Note: Use ldap://servername, or ldaps://servername to use an SSL-secured connection, if your LDAP client and server support SSL.
- In the Authorized ID and Password fields, type the credentials that the MLDAP ESM module requires to connect.
  The user should have read, write, and modify access to the Enterprise Server user, group, and resource objects in the LDAP repository.
  Note: You can use the Micro Focus Vault Facility to store a secret for the Authorized ID and Password fields. These fields can be specified using the forms:
      mfsecret:configuration-name:secret-path
  or:
      mfsecret::secret-path
  or:
      mfsecret:secret-path
- In the Description field, type a description.
- In the Configuration Information field, you can add a number of directives to alter the default behavior. Configure this for your particular LDAP repository requirements. A typical configuration might be:
      [LDAP]
      base=CN=Micro Focus,CN=Program Data,DC=somecorp,DC=com
      user container=CN=user-container
      group container=CN=group-container
      resource container=CN=resource-container
      [Verify]
      Mode=MF-hash
- In the Cache limit field, set the size of the LDAP search-result cache.
- In the Cache TTL field, set the lifetime of entries in the LDAP search-result cache.
- Click Save.
- Alter the security configuration for MF Directory Server, ES Default Security, and/or specific ES servers to use your new Security Manager.

See MLDAP ESM Module for information on configuring the module to match your AD setup.
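
A pre-save check of the values typed into the External Security Manager Configuration dialog, added here as an example (it is not Micro Focus code): it flags a connection path without SSL and credentials entered as literals instead of mfsecret references, and parses the three mfsecret forms listed above. The field dictionary, function names, bind DN and secret paths are constructed; it assumes a secret-path contains no colon and that the Configuration Information text is INI-style, as in the sample above.

```python
import configparser
from urllib.parse import urlsplit

def parse_mfsecret(value):
    """Return (configuration_name, secret_path) for an mfsecret: reference, else None.
    Assumption: secret-path has no ':'. The page does not say how forms 2 and 3 differ."""
    if not value.startswith("mfsecret:"):
        return None
    rest = value[len("mfsecret:"):]
    config, sep, path = rest.partition(":")
    if not sep:                        # mfsecret:secret-path
        config, path = None, rest
    return (config or None, path) if path else None

def audit_esm(fields):
    """Check the dialog values (dict keyed by field name); return a list of findings."""
    findings = []
    scheme = urlsplit(fields["Connection Path"]).scheme.lower()
    if scheme == "ldap":
        findings.append("Connection Path uses ldap://, not an SSL-secured ldaps:// connection")
    elif scheme != "ldaps":
        findings.append("Connection Path is not an ldap:// or ldaps:// URL")
    for name in ("Authorized ID", "Password"):
        if parse_mfsecret(fields[name]) is None:
            findings.append(f"{name} is a literal value, not an mfsecret: reference")
    # Assumption: Configuration Information is INI-style text, as in the page's sample.
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    try:
        parser.read_string(fields["Configuration Information"])
    except configparser.Error as exc:
        findings.append(f"Configuration Information does not parse: {type(exc).__name__}")
    return findings

# Constructed sample values; the configuration text is the page's typical example.
CONFIG = """[LDAP]
base=CN=Micro Focus,CN=Program Data,DC=somecorp,DC=com
user container=CN=user-container
group container=CN=group-container
resource container=CN=resource-container
[Verify]
Mode=MF-hash
"""
WEAK = {"Connection Path": "ldap://servername:389", "Authorized ID": "CN=esm-bind,DC=somecorp,DC=com",
        "Password": "example-password", "Configuration Information": CONFIG}
HARDENED = {"Connection Path": "ldaps://servername:636", "Authorized ID": "mfsecret:es/ldap/bind-id",
            "Password": "mfsecret::es/ldap/bind-password", "Configuration Information": CONFIG}

if __name__ == "__main__":
    print(audit_esm(WEAK), audit_esm(HARDENED))
```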