Hello! We've been given (by Lawson consultant, who no longer works with us) a Perl script to convert .csv file into .xml file to mass-load users into ADAM with loadusers routine. It worked fine on 9.0.2 platform, but on 9.0.3 one, the loadusers chocked because it seems like one of the field names changed - from 'Firstname' to 'FirstName'. It's no big deal to tweak the Perl script, but I was wondering if there was a place this script is maintained and can be downloaded from Thanks!

I am running LSF 9.0.1.5 I ran lsdump -f uat.xml PROFILE UAT -addRoleMapping I then ran lsload PROFILE uat.xml -p INT -addRoleMapping Now the problem I see is Profile description in the Security Administrator tool show User Acceptance Testing, How do I go about changing it to Integrated Testing. Is there a way to change it through SSOCONFIG

While running the ldifgen command using the XmlToDataLdif option I am receiving a zero byte file.  I am running this command to convert our XML data file to an ldif format. I have successfully run this command in the past without issue, however, it is now not returning any results. The syntax for the command that I am using is: ldifgen XmlToDataLdif -f /tmp/sourceldapfile.ldif /tmp/sourcexmldata.xml The above command is returning zero byte for for /tmp/sourceldapfile.ldif. The inp...

Hi, Wondering if anyone out there has had success with setting up a read-only view of LSA   We have some functional superusers that would like to be able to use the tool to view attributes of users in their department but don't want/need to change anything. So far, I've had **some** sucess in that I created the following roles: - ADM Profile - set up one security class (SuperInquiry) with Deny All for all objects except SERVER. For SERVER I have I and InqTypeRole. (otherwise you can't logi...

Does any one know how to rename (change ID and carry over its history) accounts in LSF9 (LAUA)  MSS and ESS access  Is it possible Where does this takeplace

Does any one know how to rename (change ID and carry over its history) accounts in LSF9 (LAUA)  MSS and ESS access  Is it possible Where does this takeplace

In our non-production environment, our security administrators noticed LSA security was turned off.  They turned it on and noticed that they could not update security as the fields contained asterisks.  The security administrators have the SuperAdminRole which has the AllRMAccess and AllADMAccess security classes.  The role and the security classes look like production.  Security reports can be kicked off but do not run even with the lawson user ID when security is on.  I have not seen any error...

We have tons of security classes in our security. Instead of going and browsing each one, is there a way or report to run where I can see which security classes have access granted to a certain form token I am looking for instead of going through each one

We are attempting to do some clean up in Lawson Security / Active Directory. I don't have much experience with querying against AD or ATOMS in LDAP, but has anyone developed a sql query that allows visibility of users that have been termed in HR11 in the last 30 days then compare that to any LDAP information so we can display what AD accounts should be inactivated Currently, we use a manual process in which we take a similar query below and security manually inactivates users in ActiveDirecto...

Currently in RQ10, the user logged into Lawson can enter any requester's ID and submit an order.  How do I restrict the RQ10 to only accept the requester ID for the user logged into Lawson  Our requester ID's are the same as the user ID's.

I need to know the path containing the security logs for LSF9 on iSeries to track down an access issue .  Can anyone help me with this

Hi all, Greetings!!!  Please help in solving the below issue.I can able to understand that multiple identities are mapped to the lawson user but i dont know where to delete the mapped identities where i am unable to login to the SSO itself C:\lsfdev>ssoconfig -c No upgrade available for Version 1.2 [WARNING] Unable to retrieve security context!... com.lawson.lawsec.authen.LSFSecurityAuthenException:There are more than one iden tity 0 using this OS user LOCAL\lawson. Please check identitie...

I know green is full access, red is no access and blue is conditional.  Never saw a table completely greyed out.

I have an AP vendor class of 'ETE'.  I am trying to block users from seeing vendors of this class on AP10, but also any invoices for these vendors on AP90 or any other screen where they might find this.  I am trying to be able to do this with one global rule. I tried setting on the Element VEN-CLASS: if(VEN_CLASS=='ETE')    'NO_ACCESS,' else    'ALL_ACCESS,'   This doesn't do anything for me.    I can set the rule on AP10 and block those vendors there. But now I would have to go to each...

We've recently upgraded from LAUA to Lawson Security, and we're processing our new users via the loadusers utility and then syncing them.  For the most part, this is going very well (thankfully!)--but it's not syncing the email address to LTM, though it's there in ISS and syncs to LSA.  I thought/hoped it would update LTM as well, since that's where we really need it.  (It does update the roles and other information, just not the email address.)  Is this normal  Does anyone know how to force it...

If I want to do a global limitation by vendor class, can I (a) do it at the element level  or (b) table level APVENMAST - or do I need to limit multiple tables or (c) do I need to do it at the form level also. It seems to be working by just doing it at the table APVENMAST level on Inquiry security classes but perhaps I am overlooking something. Can anybody point me to a good document outlining advanced security rules

If I want to do a global limitation by vendor class, can I (a) do it at the element level  or (b) table level APVENMAST - or do I need to limit multiple tables or (c) do I need to do it at the form level also. It seems to be working by just doing it at the table APVENMAST level on Inquiry security classes but perhaps I am overlooking something. Can anybody point me to a good document outlining advanced security rules

Has anyone found a way to keep Finance and Supply Chain users from accessing ESS forms from the search box  Forms like the HR11, PR12, etc.

We're on 9.0.1.1, UNIX platform.   Here and there we have a user name of 'privuser' show up on reports, Personnel Actions, various things.  But we need to find out the actual user behind these cases.  Can someone give an explanation of the origin of privuser, and any handling/investigation process that would help us  We have no idea where this is coming from.

I recently installed Lawson Security Administrator 10.0.1.0; however, when I attempted to launch the application, I received this error:  ActiveX component can't create object. I've tried uninstalling and re-installing on two different PCs always with the same result.  Infor directed me to KB article 1616661, which did not resolve the issue.  Researching the error only yields info specific to MS Windows applications; however, some of the information is leading me to the suspicion that there is a...

We have HR employees that need to see pay information as part of their jobs. However, we want to restrict them from seeing their coworker's pay who also work in HR. Has anyone done this Any solutions to how this can be done Our desired result is to be able to do this directly in HR11 without creating a customized program that points to a restricted view, but we also have to take into account the performance issues that complex rules can somtimes cause. Thanks in advance!

i have created suffix through idsxcfg window and I am creating empty DN for lsf10 from TDS Web Administration tool ... got an error when trying to add new entry under directory management.. environment is TDS 6.3 and Red hat 6.   Error GLPWDM003E  An error occurred while adding entry cn=lsf,dc=company,dc=org : [LDAP: error code 65 - Object Class Violation].   any help from community is appreciated..

When writing rules against the DT0 section of a form ie. AP52.3, do I only need to apply the rule to the object type FLD or do should I also apply the rule to the object type HDN.  The problem is when I run a UserSecurityReport in one of my test data areas the Object Info column reports the line as HDN - DT0, In my other test data area it reports it as HDN -AP52.3, when I am expecting it to report as HDN - AP52.3,AMI-AU-GROUP like it shows it in the security class.

What is the version 10 equivalent of RM groups

I am attempting to disable a user using Process Automation.  I want to change the value of isDisabled to 'YES'.  This did work in test, but when I try it in production I receive the error:   [code] Error code: 22 Information code: 1   Return message: Unable to change object(), security violation. Object is secured. [/code] I am not sure what object I need to grant access to in Lawson Security so that this works.  Thank you.