Configuring External Security Facility (ESF) from the Command Line

Restriction: This topic applies only when the Enterprise Server feature is enabled.

esfadmin is a command-line utility that calls the ESF Admin API to request administrative actions against ESMs. It is a part of Visual COBOL and COBOL Server, and can be found in the %ProgramFiles(x86)%\Micro Focus\Visual COBOL for Visual Studio 2013\bin and \bin64 directories.

One advantage of esfadmin is that it can be used to perform batch updates to an ESM, typically as part of a script. Another is that you supply all its configuration information on the command line, so you do not have to configure your MLDAP security manager in MFDS with an LDAP administrative user ID.

The ESF administration facility makes some security checks before it attempts to process an administration request:

  1. It requires the user be successfully signed into ESF.
  2. The MLDAP ESM Module checks to see if the user has execute permission for a resource with the same name as the command (for example ADDUSER) under the class AdminAPI. See the complete list of esfadmin sub-commands in the section esfadmin Sub-commands. This class is optional, and if there is no applicable rule, access is allowed.
Note: esfadmin is a generic utility which accepts a wide range of options and values, not all would be available to all security managers. This can result in requests failing, depending on the configuration of the security manager that is being used.