Specifying an External Security Manager

This topic shows you how to specify an External Security Manager (ESM).

To specify an External Security Manager and add it to the security managers list used in the Security Facility Configuration tab:

  1. In the menu bar, click Security.
  2. In the navigation tab, click Security Managers.
  3. Click + Add.

    This opens the External Security Manager Configuration dialog box.

  4. Ensure Enabled is checked.
  5. In the Name field, type the name of your security manager.
    Note: This is the name that will be displayed in the navigation tree.
  6. In the Module field, type the name of the ESM module to use. If you are integrating with an LDAP repository such as Active Directory or OpenLDAP, specify mldap_esm. Use vsam_esm for the VSAM ESM Module. See About Security Managers for more information.
  7. In the Connection Path field:
    • For MLDAP ESM Module, type the hostname or IP address and port number of the LDAP server being connected to. For example ad-host:389. The default is localhost:389.
    • For VSAM ESM Module, type the path to the security data directory. The default is $COBDIR/etc/config/vsam_esm (UNIX).
    • For other ESM modules, refer to the documentation for that module. Most will leave this field blank.
  8. In the Description field, type a description of the security manager.
  9. In Authorized ID field, for mldap_esm, type the DN of a user with appropriate permissions for the security manager. For example, CN=Administrator,CN=users,DC=somecorp,DC=com. The default is to use the read-only account MFReader which is defined in the sample LDIF file supplied with the product. For other ESM modules, leave this blank.
  10. In the Password field, type the password for the user specified in the Authorized ID field, if any. The default for mldap_esm is the default password for the MFReader account.
  11. In the Configuration Information field, type the required configuration options. See the documentation for your ESM module, such as MLDAP ESM Module Custom Configuration Information for more information.
  12. By default, the Cache Limit and Cache TTL fields are set to 1024 kB and 600 seconds respectively. Currently, only the MLDAP ESM Module makes use of these settings. See MLDAP ESM Module Caching for more information.
  13. Click Save.

    This adds the specified security facility to the Defined External Security Managers list.

  14. To add the specified external security manager to the ESCWA Configuration in the Security Managers in list, click ESCWA Configuration in the navigation pane, and then click + Add.

    This opens the Defined External Security Managers dialog box.

  15. Check the external security managers that you want to add to the security managers list.
  16. Click Select.
Note: You can use the Micro Focus Vault Facility to store a secret for the Authorized ID and Password fields. These fields can be specified using the forms: 
mfsecret:configuration-name:secret-path

or: 

mfsecret::secret-path

or: 

mfsecret:secret-path
Parent topic: Restricting ESCWA with ESF
Related reference
Enabling and Configuring ESF Caching
Configuring mldap_esm Security Manager for an LDAP Server