Specifying an External Security Manager

This topic shows you how to specify an External Security Manager (ESM).

To specify an External Security Manager and add it to the security managers list used in the Security Facility Configuration tab:

  1. In the menu bar, click Security.
  2. In the navigation tab, click Security Managers.
  3. Click + Add.

    This opens the External Security Manager Configuration dialog box.

  4. Ensure Enabled is checked.
  5. In the Name field, type the name of your security manager.
    Note: This is the name that will be displayed in the navigation tree.
  6. In the Module field, type the name of the security manager to use. If you are integrating with an LDAP you can use the mldap_esm with both Microsoft Active Directory or OpenLDAP.
  7. In the Connection Path field, type the hostname or IP address and port number of the security manager being connected to. For example ad-host:389.
  8. In the Description field, type a description of the security manager.
  9. In Authorized ID field, type the DN of a user with appropriate permissions for the security manager. For example, CN=Administrator,CN=users,DC=somecorp,DC=com.
  10. In the Password field, type the password for the user specified in the Authorized ID field.
  11. In the Description, type a description that can identify the use of the security manager.
  12. In the Configuration Information field, type the required configuration options. See Configuring mldap_esm Security Manager for an LDAP for more information.
  13. By default, the Cache Limit and Cache TTL fields are set to 1024 kB and 600 seconds respectively. Currently, only the MLDAP ESM Module makes use of these settings. See MLDAP ESM Module Caching for more information.
  14. Click Save.

    This adds the specified security facility to the Defined External Security Managers list.

  15. To add the specified external security manager to the ESCWA Configuration in the Security Managers in list, click ESCWA Configuration in the navigation pane, and then click + Add.

    This opens the Defined External Security Managers dialog box.

  16. Check the external security managers that you want to add to the security managers list.
  17. Click Select.
Note: You can use the Micro Focus Vault Facility to store a secret for the Authorized ID and Password fields. These fields can be specified using the forms: 
mfsecret:configuration-name:secret-path

or: 

mfsecret::secret-path

or: 

mfsecret:secret-path
Parent topic: Restricting ESCWA with ESF
Related reference
Enabling and Configuring ESF Caching
Configuring mldap_esm Security Manager for an LDAP Server