Managing LDAP Security Manager from the Enterprise Server UI

You use the mldap_esm security manager to configure an LDAP server for use with your Enterprise Server installation. You can configure a security manager so that you can use it to administer the LDAP information from the MFDS user interface. This applies to Active Directory and other LDAP implementations, for example OpenLDAP.



  • You use your LDAP's administration and management functionality to configure and manage your LDAP.
  • You use the Enterprise Server user interface to make minor changes to LDAP configurations.

The ESF administration facility makes some security checks before it attempts to process an administration request:

  1. It requires the user be successfully signed into ESF.
  2. The MLDAP ESM Module checks to see if the user has execute permission for a resource with the same name as the command (for example ADDUSER) under the class AdminAPI. See the complete list of esfadmin sub-commands in the section esfadmin Sub-commands. This class is optional, and if there is no applicable rule, access is allowed.
Note: The requirement to be signed into ESF can be disabled for LIST commands, using the allow-list configuration option:
This allows ESF Admin LIST requests by anonymous users, that is, without specifying credentials. It applies only to LIST requests.