Hi Jim - Erik Thoen can speak more to the STRICT and MODERATE modes that you've mentioned above. I believe you pulled this information from a white paper, correct?
James Process, Maxim Igolnikov or John P LaFleur should have config for creating the user and admin roles, which are currently the two access control roles that can be configured in the GUI or PCLI.
Here is a minute video on LDAP that may also help a bit.