The es-ldap-setup AD Setup Script

Restriction: This topic applies only when the Enterprise Server feature is enabled.

The es-ldap-setup script defines the LDAP object classes and containers (the schema) that will hold ES data. That is, it configures AD LDS or AD so that you can use it with Enterprise Server.

By default, the script is installed into the %ProgramFiles(x86)%\Micro Focus\Visual COBOL\bin directory.

The full syntax for es-ldap-setup is:

es-ldap-setup [/?] [/AD] username password partition server

Most users will run es-ldap-setup with no parameters, but in some cases you may want to specify a username and password:

These are the actions es-ldap-setup performs:

  1. Prompts for values for username, etc., if they are not specified on the command line. Press Enter to accept the default, or supply a different value.
  2. If AD LDS (or AD) is not configured to allow password operations over unsecured connections, the script will configure it to allow them. This is required by some of the following actions. If the script changes this option on the server, it will reset it to its old value before exiting.
  3. Adds the ES user, group, and resource LDAP class definitions to the schema. These specify what attributes each of these types of object has.
  4. Adds the container objects for ES to the repository.
  5. Creates MFReader, the default LDAP user account for ES.

Before each action, es-ldap-setup will pause and tell you what it's about to do. When it finishes, it will report how many actions succeeded and how many failed, and give a list of the failing actions, which you can provide to Micro Focus Support if you have questions.
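Because action 2 temporarily relaxes a server security setting, it is worth confirming after the run (especially if any action failed) that the setting is back at its old value. The following PowerShell check is an added example, not part of es-ldap-setup or of Micro Focus's documentation. It assumes the option is the AD LDS setting stored in character 13 of the dSHeuristics attribute on the Directory Service object in the configuration partition; the function name and the default server value are illustrative.

```powershell
# Added example (not part of es-ldap-setup): report whether an AD LDS instance
# currently allows password operations over unsecured connections.
# Assumption: the option is character 13 of dSHeuristics on
# CN=Directory Service,CN=Windows NT,CN=Services,<configuration partition>.
param(
    # host:port form, as in the myhost:389 example on this page; replace with your instance
    [string]$Server = 'myhost:389'
)

function Test-UnsecuredPasswordOps {
    param([string]$DsHeuristics)
    # Attribute unset or shorter than 13 characters: the server default applies (not allowed).
    if ([string]::IsNullOrEmpty($DsHeuristics) -or $DsHeuristics.Length -lt 13) {
        return $false
    }
    # Conservative reading: anything other than '0' in position 13 is reported as enabled.
    return $DsHeuristics[12] -ne '0'
}

# RootDSE gives the distinguished name of the configuration partition.
$rootDse  = [ADSI]"LDAP://$Server/RootDSE"
$configNc = [string]$rootDse.psbase.Properties['configurationNamingContext'].Value
if (-not $configNc) {
    throw "Could not read configurationNamingContext from $Server"
}

# Bind with the current Windows credentials and read the attribute.
$dsObject = [ADSI]"LDAP://$Server/CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
$value    = [string]$dsObject.psbase.Properties['dSHeuristics'].Value

if (Test-UnsecuredPasswordOps $value) {
    Write-Warning "Password operations over unsecured connections are ALLOWED on $Server (dSHeuristics='$value')."
    exit 1
}
Write-Output "Password operations over unsecured connections are not allowed on $Server (dSHeuristics='$value')."
```

Run it once before es-ldap-setup to record the starting state and again afterwards; a non-zero exit code after the run, where the first run returned zero, means the setting was not restored.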

Note: Some users may encounter a known issue with the AD LDS dsmgmt utility when running the script. If you get an error message similar to the following:
DsBindWithSpnExW error 0x6ba (The RPC server is unavailable.)

then there is an issue with your network configuration which is preventing the utility from connecting to your AD LDS server. This is a Windows issue, not a Micro Focus one. Possible fixes include:

  • Remove IPv6 support from your network configuration.
  • Specify the LDAP server address for the script using your local hostname rather than localhost. (Remember to include the port number, as in myhost:389.)
  • Disable your local system's firewall while running the script. With some application firewalls, such as Symantec Client Security, disabling the firewall may not be sufficient, and you may have to manually disable or delete rules that affect the ICMP protocol.
  • Check that your hosts file (%systemroot%\system32\drivers\etc\hosts) does not contain any invalid entries for localhost or your local hostname.