The Security Manager Stack

An ESF configuration is defined (in MFDS) as one or more security managers, arranged in a list or stack. A security manager is an ESM module plus its configuration information, and a stack specifies which security managers will be used, and in what order they'll be called.

The configuration presented here will include a security manager using OS ESM and another manager using MLDAP ESM, configured to use the Microsoft user LDAP object class for users (rather than the default Micro Focus user class). These managers will be stacked so that the OS ESM is called first.

For Verify requests, ESF will call the OS ESM, which will use Windows to authenticate the user, as described above. Then (if the user is successfully verified) ESF will call the MLDAP ESM, which will load the user's MSS attributes from AD.

For Auth requests, ESF will only call the MLDAP ESM, since the OS ESM does not implement Auth. The MLDAP ESM will apply the access control rules defined in AD.