When federation is enabled, ESM Modules attempt to share information and responsibilities, so that multiple ESMs behave as if they all had the same information about users, groups, and resources. For example, suppose you have multiple LDAP repositories with security information: a user might be defined in one LDAP repository, and a resource access control rule in another. If you want the resource control rules from one LDAP repository to apply to users defined in another LDAP repository, you would enable federation.
Disabling federation, instructs ESM Modules to attempt to act independently of each other. With federation disabled, the access control rules defined in one ESM should only apply to users who are also defined in that ESM.
If federation is not configured, and two or more security managers which use the MLDAP ESM Module are used, the system will operate in "compatibility mode" for federation. This implements the historical behavior of old product versions prior to the introduction of full federation support. In this mode, ESM Modules do not fully federate but have some interaction, which can lead to unexpected results in some cases. Compatibility mode is currently deprecated. Micro Focus strongly recommends that you explicitly configure federation as either enabled or disabled, depending on your requirements. [1]
If you are not sure what setting to use, try the following guidelines:
If none of the above apply, you can probably disable federation.