ESF-Administering ESF Configuration

To set up the security configuration, open the Enterprise Server for .NET Administration UI.


Select the System > Security Configurations and Managers node in the system, as in 1 above. Right-click and add the server instance if one is not already defined.


Click OK.


Expand the Security and Configuration Managers node (1).

Select the server instance you want to configure (2).

Click Add (3).


Click the Security Manager Definition menu item (1).


Enter the appropriate fields as above.

  1. Name

    The name of this Security Manager Definition.

  2. Description

    A description of this Security Manager Definition.

  3. ESM Module Name

    The name of the External Security module that will be loaded.

  4. Cache Limit

    If the module has a configurable cache for holding responses from the security manager, enter its maximum size in kilobytes here.

  5. Cache Time to Live

    If the module has a configurable cache for holding responses from the security manager, enter the maximum time in seconds that an entry in the cache can be used to satisfy requests before the details must be re-queried from the security manager.

  6. Disable security manager

    Check this box to disable this security manager.

For the Connection Details tab


  1. Connection Path

    If the module requires a connection string that tells it how to connect to the external security manager, specify it here.

    The information supplied in the string and its format depend on the module that you are using. For details, please see the documentation supplied with the module.

  2. Authorized ID

    If the module requires an ID to connect to the external security manager, specify it here.

    As with the connection path, the content and format of this field depend on the module that you are using. For details, see the documentation supplied with the module.

  3. Password

    If the module requires a password to connect to the external security manager, specify it here.

    As with the connection path, the content and format of this field depend on the module that you are using. For details, see the documentation supplied with the module.

For the Configuration tab


  1. This is a free-format text box where you can enter further configuration parameters that may be required for an ESM module.

Create a New Security Configuration Definition.

Click Add again, and select Security Configuration Definition.


  1. Name

    The name used to identify this Security Configuration.

  2. Cache Limit

    Enter the maximum size in kilobytes that the Directory Server or enterprise server's security facility can use for caching the results of security queries.

  3. Cache Time to Live

    Enter the maximum time in seconds that an entry in the cache can be used to satisfy requests before the details must be re-queried from the security manager.

  4. Allow unknown resources

    Check this if you want the security facility to permit access to any unknown resource; that is, any resource for which all entries on the priority list return Unknown.

    You might use this in circumstances where you only want to restrict access to some resources.

  5. Allow unknown users

    Check this if you want to allow unknown users to log in.

  6. Create audit events

    Check this to enable the enterprise server or Directory Server to generate security audit events. These events can be captured and logged by the Audit Facility.

  7. Use all groups

    Check this if a user requesting authorization is to have the permissions of every group to which he belongs.

    Uncheck this if the user is to have only the permissions of the group specified in the initial security API call that requested verification (authentication) of the user's credentials. Where no group is specified in the verify call, a default group is used.

  8. Verify against all

    Set this if you want each security query to be checked by all entries on the Security Manager Priority List.

    If this is not set, the entries will be queried in the order that they appear on the Priority List until one gives a response of Allow, Deny, or Fail (equivalent to Deny). This response will then be used to decide what action should be taken.

    If this field is set, all entries on the list will be queried, and if any returns a Deny or Fail, the access request will be denied. If there are no Deny or Fail responses and at least one of the entries on the list gives Allow as its response, the request will be allowed.

    If a security manager does not have a rule for the resource or user specified in the request, it gives a response of Unknown. Whatever the setting of the Verify against all Security Managers field, if all of the entries on the priority list respond with Unknown, the request will be denied unless you have checked Allow unknown resources or Allow unknown users.
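
The decision rules described under Verify against all, modelled as an added Python example (not Micro Focus code and not the product's API). The `Response` enum and `resolve` function are hypothetical names, and the single `allow_unknown` flag is an assumption that stands in for whichever of Allow unknown resources or Allow unknown users applies to the query.

```python
from enum import Enum


class Response(Enum):
    ALLOW = "Allow"
    DENY = "Deny"
    FAIL = "Fail"        # equivalent to Deny
    UNKNOWN = "Unknown"  # manager has no rule for this user or resource


def resolve(priority_list, verify_against_all, allow_unknown=False):
    """Model one security query; returns (decision, managers_queried).

    priority_list: the response each security manager would give, in
    Priority List order (constructed input, not read from a real server).
    allow_unknown: assumption - stands in for "Allow unknown resources" or
    "Allow unknown users", whichever applies to the query.
    """
    if verify_against_all:
        seen = list(priority_list)          # every entry is queried
    else:
        seen = []
        for response in priority_list:      # stop at first definite answer
            seen.append(response)
            if response is not Response.UNKNOWN:
                break

    if any(r in (Response.DENY, Response.FAIL) for r in seen):
        decision = "Deny"
    elif any(r is Response.ALLOW for r in seen):
        decision = "Allow"
    else:                                   # every entry said Unknown
        decision = "Allow" if allow_unknown else "Deny"
    return decision, len(seen)


if __name__ == "__main__":
    # Constructed case: a permissive manager is listed above a restrictive one.
    managers = [Response.ALLOW, Response.DENY]
    print("first match:", resolve(managers, verify_against_all=False))
    print("verify all: ", resolve(managers, verify_against_all=True))
    # Constructed case: no manager has a rule for the resource.
    no_rule = [Response.UNKNOWN, Response.UNKNOWN]
    print("unknown, default:", resolve(no_rule, True))
    print("unknown, allowed:", resolve(no_rule, True, allow_unknown=True))
```

With Verify against all unset, the Deny from the second manager in the first constructed case is never consulted, so the order set on the Security Managers tab determines the outcome.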

For the Security Managers tab


  1. Select the Security manager required to participate in this configuration.

    Once the security managers are added, configure the order in which they are called by moving them up and down using the appropriate buttons.

For the Configuration tab


  1. This is a free-format text box where you can enter further configuration parameters that may be required for this configuration.