Dumping out Identity information for users in Lawson Security

 12 Replies
 1 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
John Cunningham
Advanced Member
Posts: 31
Advanced Member

    Has anyone had any luck dumping out identity information, specifically requester identities from the Lawson Security Module.

     

    Derek Czarny
    Veteran Member
    Posts: 63
    Veteran Member
      Are you using SQL Server? If so you can create a linked server to your ldap instance and write a query to extract the data. You might be able to do it in Oracle or DB2, but I don't know how.
      John Henley
      Posts: 3353
        You can use ProcessFlow ResourceQuery (and if you have ProcessFlow Integrator you can write to a file via FileAccess node). You can also dump using ssoconfig.

        Thanks for using the LawsonGuru.com forums!
        John
        MattD
        Veteran Member
        Posts: 94
        Veteran Member
          If you are wanting to dump all identities you can also use SSOConfig.
          Milo Tsukroff
          Veteran Member
          Posts: 47
          Veteran Member
            I have a totally different way to dump requester identities. Using LdapAdmin, I log into the ADAM server and dump two branches - the Resources (all RM information) and the Requester tree (a different branch). Both dumps are ldif files. Then I wrote a relatively simple bit of VBA in an Excel file which parses the Resources into a flat file which loads into Excel and gives all RM information. The Requester info is a bit more complicated - it is stored "backwards" with RM's as 1-or-more entries for any given Requester ID. My VBA "flattens" this info out. To link it all into one spreadsheet, I have to add an extra column in the Resources spreadsheet and do a V-lookup on the RMID to the Requester info.

            Sounds daunting, but actually it's very powerful and goes real fast.
            mark.cook
            Veteran Member
            Posts: 444
            Veteran Member
              We purchased a script from AVAAP that dumps our LDAP information into Oracle tables. We then Report off that data using a security dashboard with 20 + reports they designed. Our script runs for about 8 minutes a night and has made reporting off any LDAP info a breeze.
              akodwiw
              New Member
              Posts: 1
              New Member
                you can dump ELGRP,PROFILE and SECURITY uning lsdump and lsload.

                As far as the user setup information as someone mentioned you can use processflow Intergrator Resource query and file acess and message builder to dump the fileds.
                JudeBac
                Veteran Member
                Posts: 129
                Veteran Member
                  The simplest of all is Processflow. All I have is the Pro version. Just note that the more data you output the longer it takes. My simple name and email takes 20 minutes.
                  ccubitt
                  New Member
                  Posts: 1
                  New Member

                    You can also use the ssoconfig from the command line in Unix.

                    ssoconfig -c

                    5 Manage Lawson Services

                    6 Export Serivce and identity info

                    And if you only want one service, you would chose NO

                    Then specify which service you want to pull

                    The rest is pretty self explanitory.

                     

                    John Desmarais
                    Basic Member
                    Posts: 20
                    Basic Member
                      Posted By ccubitt on 02/01/2010 08:31 AM

                      You can also use the ssoconfig from the command line in Unix.

                      ssoconfig -c

                       

                      This is the method I usually use.  It's quick and easy and gives an XML file that's pretty simple to parse out.
                       

                      John Desmarais

                      JimW
                      New Member
                      Posts: 1
                      New Member

                        You can also dump the information using ldifde or csvde.  I use csvde and parse the resultant .csv file programmatically to clean up the dump.  Here's the syntax I use to dump the rm and sm information.


                        ldifde -j d:\adam_export -f c:\adam_export\rmldif.ldif -s chocnt-107.ad.choc.org -d "OU=resources,O=lwsnrmdata,CN=lwsn,DC=choc" -v -a cn=root,cn=lwsn,dc=choc *

                        ldifde -j d:\adam_export -f c:\adam_export\mdldif.ldif -s chocnt-107.ad.choc.org -d "OU=idxref,O=lwsnSecData,CN=lwsn,DC=choc" -v -a cn=root,cn=lwsn,dc=choc *

                        csvde -f d:\adam_export\sm.csv -s chocnt-107.ad.choc.org -j d:\adam_export -d "OU=idxref,O=lwsnSecData,CN=lwsn,DC=choc" -v -a cn=root,cn=lwsn,dc=choc *

                        csvde -f d:\adam_export\rm.csv -s chocnt-107.ad.choc.org -j d:\adam_export -d "OU=resources,O=lwsnrmdata,CN=lwsn,DC=choc" -v -a cn=root,cn=lwsn,dc=choc *
                         

                        Jim

                        Holly
                        Basic Member
                        Posts: 4
                        Basic Member
                          I could be completely over simplifying but if you are strictly going after Requester IDs go straight to the source and dump via MS Add-ins the RQ04 table. It all depends how you have your requesters set up. If there is a generic requester id that many utilize then forget my approach. This is how I am able to get our requesters.
                          Holly
                          TeriK
                          New Member
                          Posts: 1
                          New Member
                            Dumping the Requester table doesn't tell you which logins are associated witha requester. I also use the ssoconfig -c and find it does the job quickly.