Managing LDAP Security Manager from the Enterprise Server UI

Restriction: This topic applies only when the Enterprise Server feature is enabled.

You use the mldap_esm security manager to configure an LDAP server for use with your Enterprise Server installation. You can configure a security manager so that you can use it to administer the LDAP information from the MFDS user interface. This applies to Active Directory and other LDAP implementations, for example OpenLDAP.

Note: Typically:

  • You use your LDAP's administration and management functionality to configure and manage your LDAP.
  • You use the Enterprise Server user interface to make minor changes to LDAP configurations.

The ESF administration facility makes some security checks before it attempts to process an administration request:

  1. It requires that the user is successfully signed in to ESF.
  2. The MLDAP ESM Module checks whether the user has execute permission for a resource with the same name as the command (for example ADDUSER) under the class AdminAPI. See the complete list of esfadmin sub-commands in the section esfadmin Sub-commands. This class is optional, and if there is no applicable rule, access is allowed.

Note: The requirement to be signed in to ESF can be disabled for LIST commands, using the allow-list configuration option:

    [Admin]
    allow-list=yes

This allows ESF Admin LIST requests by anonymous users, that is, without specifying credentials. It applies only to LIST requests.
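
The two checks above fail open in two places: a command with no AdminAPI rule is allowed, and allow-list=yes removes the sign-in requirement for LIST requests. The following audit sketch is an added example, not product code. It assumes the configuration text is the plain INI fragment shown above, that AdminAPI rules match by exact resource name, and that you supply the command and resource lists yourself. All names other than ADDUSER are constructed placeholders.

```python
import configparser


def anonymous_list_enabled(esm_config_text):
    """Return True when the [Admin] section sets allow-list=yes."""
    cp = configparser.ConfigParser()
    cp.read_string(esm_config_text)
    # Assumption: any value other than "yes" (compared case-insensitively) is off.
    value = cp.get("Admin", "allow-list", fallback="no")
    return value.strip().lower() == "yes"


def unprotected_commands(commands, adminapi_resources):
    """Return commands that have no same-named resource under AdminAPI.

    With no applicable rule, access is allowed, so these commands are
    available to every user who is signed in to ESF.
    """
    protected = set(adminapi_resources)
    return sorted(cmd for cmd in commands if cmd not in protected)


def audit(esm_config_text, commands, adminapi_resources):
    """Collect both fail-open conditions as human-readable findings."""
    findings = []
    if anonymous_list_enabled(esm_config_text):
        findings.append("allow-list=yes: LIST requests accepted without credentials")
    for cmd in unprotected_commands(commands, adminapi_resources):
        findings.append(f"{cmd}: no AdminAPI rule, allowed for any signed-in user")
    return findings


# Constructed sample input. EXAMPLECMD1/EXAMPLECMD2 are placeholders, not real
# esfadmin sub-commands; take the real names from "esfadmin Sub-commands".
SAMPLE_CONFIG = "[Admin]\nallow-list=yes\n"
SAMPLE_COMMANDS = ["ADDUSER", "EXAMPLECMD1", "EXAMPLECMD2"]
SAMPLE_RESOURCES = ["ADDUSER"]  # resources defined under class AdminAPI

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_COMMANDS, SAMPLE_RESOURCES):
        print(finding)
```

A clean result requires a rule under AdminAPI for every sub-command you want restricted, and allow-list left unset unless anonymous LIST access is intended.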