Adding Windows Users to MSS Groups

MSS resource access is typically controlled by rules that apply to user groups rather than to individual users, so you will probably want to add your Windows users to MSS user groups (SYSADM, etc) as appropriate. See the product documentation for more information about MSS user groups and how groups are used.

MSS user groups will be defined in the user group container that was created as part of the initial ES LDAP setup process. Usually this container is called "Enterprise Server User Groups".

Adding a user to a group is simply a matter of adding that user's common name (CN), which is the user's Windows login name (without any domain prefix or suffix), to the microfocus-MFDS-Group-Member attribute of the appropriate group. This is a multi-valued attribute, so it can have any number of user names specified for it. You will need to use an AD administration tool such as ADSIEdit or a custom LDIF file to make this change.

Once you have completed ES configuration, you may be able to use the MFDS user group administration screens to add or remove users from groups. (This depends on appropriate configuration in MFDS, appropriate permissions granted to the user account used by the ESM module, and other factors, so it may not work for all installations.)

Micro Focus plans to provide additional tools to maintain MSS user groups in future releases.