In this release, Enterprise Server for .NET ships with three ESM modules:
- LogonEsm
  - This module handles user verification only. It uses the Enterprise Server for .NET Event Monitor service and its configured Logon Provider, which by default verifies users using the Windows LogonUser API. LogonEsm is similar to the OS ESM Module for native ES. If the Logon Provider returns a Windows security token, the Event Monitor makes that token available to the SEPs for user impersonation. User impersonation must also be enabled in machine.config to take effect. For more information see these topics in the product documentation:
- LdapEsm
  - The LdapEsm module communicates with an LDAP server such as Active Directory. It can perform user verification, resource access control, or both. (A security configuration can include multiple security managers that use LdapEsm, if it's necessary to use multiple LDAP directories.) LdapEsm is the equivalent of the MLDAP ESM Module in native ES, though it does not currently provide all the same features.
  - For user verification, LdapEsm supports both verifying passwords against salted password hashes stored in Micro Focus format, and verifying user credentials by binding to the LDAP server.
  - LdapEsm uses the same LDAP object classes as the MLDAP ESM, so the same security definitions can be used by both native ES and ES for .NET. For more information see these topics in the product documentation:
- NullEsm
  - This is an ESM module provided primarily for testing purposes. By default it does nothing. It can be configured to recognize specific user-verification and resource-access requests and return a specified result for them.
A security manager uses one of these modules. A security configuration with multiple managers (also known as "stacking" security
managers) can use managers that specify the same or different modules.