Configure ES Security

To use the ES security information in LDAP, you will need to configure ES security in ESCWA:

  1. In the menu bar, click Security.

    This opens the Defined External Security Managers page.

  2. Click + Add.

    This opens the External Security Manager Configuration dialog box.

  3. In the Name field, type a descriptive name.
  4. In the Module field, type mldap_esm.
  5. In the Connection Path field, type the connection path and port number to your LDAP server.
    Note: Use ldap://servername, or ldaps://servername to use an SSL-secured connection, if your LDAP client and server support SSL.
  6. In the Authorized ID and Password fields, type the credentials that the MLDAP ESM module requires to connect.

    The user should have read, write, and modify access to the Enterprise Server user, group, and resource objects in the LDAP repository.

    Note: You can use the Micro Focus Vault Facility to store a secret for the Authorized ID and Password fields. These fields can be specified using the forms:
    mfsecret:configuration-name:secret-path

    or:

    mfsecret::secret-path

    or:

    mfsecret:secret-path
  7. In the Description field, type a description.
  8. In the Configuration Information field, you can add a number of directives to alter the default behavior. Configure this for your particular LDAP repository requirements. A typical configuration might be:
    [LDAP]
    base=CN=Micro Focus,CN=Program Data,DC=somecorp,DC=com
    user container=CN=user-container
    group container=CN=group-container
    resource container=CN=resource-container
    [Verify]
    Mode=MF-hash
  9. In the Cache limit field, set the size of the LDAP search-result cache.
  10. In the Cache TTL field, set the lifetime of entries in the LDAP search-result cache.
  11. Click Save.
  12. Alter the security configuration for MF Directory Server, ES Default Security, and/or specific ES servers to use your new Security Manager.

See MLDAP ESM Module for information on configuring the module to match your AD setup.
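
The following Python check is an added example, not part of the product or its documentation. It reviews the values from steps 5, 6 and 8 before they are entered in ESCWA: it flags a Connection Path that is not ldaps://, flags an Authorized ID or Password typed literally rather than as one of the three mfsecret forms, and parses the Configuration Information directives. Assumptions: secret paths contain no colon, the flagging policy is this example's own, and the server name, port and secret paths are constructed sample values.

```python
import configparser
from urllib.parse import urlsplit

def classify_secret(value):
    """Map a field value onto one of the three mfsecret forms; None means a literal value."""
    if not value.startswith("mfsecret:"):
        return None
    rest = value[len("mfsecret:"):]
    if rest.startswith(":"):                      # mfsecret::secret-path
        return {"form": "mfsecret::secret-path", "configuration": None, "path": rest[1:]}
    name, sep, path = rest.partition(":")         # assumption: no colon inside a secret path
    if sep:                                       # mfsecret:configuration-name:secret-path
        return {"form": "mfsecret:configuration-name:secret-path",
                "configuration": name, "path": path}
    return {"form": "mfsecret:secret-path", "configuration": None, "path": rest}

def audit_esm(connection_path, authorized_id, password, config_text):
    """Return (findings, settings) for one External Security Manager definition."""
    findings = []
    scheme = urlsplit(connection_path).scheme.lower()
    if scheme == "ldap":
        findings.append("Connection Path uses ldap://, not the SSL-secured ldaps://")
    elif scheme != "ldaps":
        findings.append(f"Connection Path has unexpected scheme {scheme!r}")
    for field, value in (("Authorized ID", authorized_id), ("Password", password)):
        ref = classify_secret(value)
        if ref is None:
            findings.append(f"{field} is typed literally instead of as an mfsecret reference")
        elif not ref["path"]:
            findings.append(f"{field} has an mfsecret reference with an empty secret path")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)               # option names are lower-cased by configparser
    settings = {section: dict(parser[section]) for section in parser.sections()}
    return findings, settings

# The directives are the page's typical configuration; all other values are constructed.
SAMPLE_CONFIG = """\
[LDAP]
base=CN=Micro Focus,CN=Program Data,DC=somecorp,DC=com
user container=CN=user-container
group container=CN=group-container
resource container=CN=resource-container
[Verify]
Mode=MF-hash
"""

if __name__ == "__main__":
    findings, settings = audit_esm("ldap://servername:389", "mfsecret:esm/bind-id",
                                   "literal-password-placeholder", SAMPLE_CONFIG)
    print(findings, settings, sep="\n")
```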