Lawson Security 9 (ADAM)

 12 Replies
 0 Subscribed to this topic
 16 Subscribed to this forum
Sort:
Author
Messages
RickyY
Veteran Member Send Private Message
Posts: 50
Veteran Member
Have anyone tried extract data out of ADAM (lawson security)? I'm trying to extract data out from it and into table. Any ideas or help will be greatly appreciated. Thanks.

TBonney
Veteran Member Send Private Message
Posts: 281
Veteran Member
There are other ways I'm sure...but we use Softerra LDAP Browser 4.5 to query lawson security data. Any query you write can then be exported to a csv file(among other types).

Softerra LDAP Browser 4.5 is a free, downloadable application, which is a pretty safe route to go, since it is browse-only and therefore prevents unauthorized updates from being made by non-admins.
mark.cook
Veteran Member Send Private Message
Posts: 444
Veteran Member
We had that issue a couple years ago, we decided the route for us was to purchase the AVAAP Security dashboard solution. It takes the data out of our LDAP and loads it into Oracle tables nightly. We then can report on it using LBI and have a dashboard rolled out to our key users and internal audit.
Deleted User
New Member Send Private Message
Posts: 0
New Member
JXplorer is another free LDAP browser. We used Softerra initially, but Lawson recommended JXplorer and that works well too.
John Henley
Send Private Message
Posts: 3351
I built solution/utility that does something similar, but with a twist...one of its features is that it includes reports that run directly against the LDAP data (and combine with LOGAN and GEN data) using Crystal.

Thanks for using the LawsonGuru.com forums!
John
RickyY
Veteran Member Send Private Message
Posts: 50
Veteran Member
Can JXploerer export data into a file that is readable?
RickyY
Veteran Member Send Private Message
Posts: 50
Veteran Member
Hi John, do you have an example that you can provide? Thank you.

ricky
John Henley
Send Private Message
Posts: 3351
Posted By RickyY on 06/03/2011 04:58 PM
Hi John, do you have an example that you can provide? Thank you.

An example of what?
Thanks for using the LawsonGuru.com forums!
John
Dave Amen
Veteran Member Send Private Message
Posts: 75
Veteran Member
To all,
For those who've delved into LDAP with JXplorer or another tool, you've found that a rule, such as inquiry-only access to HR11, is contained in a couple of places:
- The HR11 entry, with a tag
- The access, with the tag matching HR11's tag, containing INP+-

To report out of LDAP you'll need to map the different branches, then link the parts together using the tags that connect everything inside LDAP.

Or, if you don't wish to dig in that deeply, it appears that there are 3 tools available that do it for you.
I know is is not a forum for advertising, but for information sharing so you know about these. I recommend checking all of them out. You've heard a bit about AVAAP's and John Henley's utility above, and Lawson partner company Kinsey & Kinsey has an Advanced LS9 Reporting tool with this:
- Over 40 pre-built queries/reports.
- You can easily build custom queries.
- Right-click inside query results to instantly retrieve, for example:
Everything John Smith can access, and how
Who all has access to HR11 and how
A list of all users and their Requisitiion ID's
Everyone who belongs to one or more specific groups
All users in any or all Roles
Tokens occurring in more than one Security Class
And many more

You're welcome to call if you'd like to hear how we built the tool or anything else about it.

Best regards,
Dave
(303) 773-3535
Kwane McNeal
Veteran Member Send Private Message
Posts: 479
Veteran Member
Ricky,
I think it has been implied by John Henley, but I'll say it for clarity: It depends on what you want to get at:

1) Mapping type data (rmid-to-ident_info): I use a script for this. I use either perl or ksh (with the command line LDAP tools) to dump, flatten, and pivot the data as a simple CSV
2) Flattened SecObj/Rule Data: This can be done with a script, but is EVIL hard. I did it, but the script was 3000 lines in ksh WITHOUT comments (I know, I know...the client had to have ksh, since no one knew perl or C). Now I'm not suggesting this except for the brave at heart (especially since I had to write a base64 decoder in ksh), but it can be done.
In this case I'd suggest a tool like AVAAP or Kinsey.

-the safe(r) alternative is-

Using a Lawson dump tool, parse their XML formats:
1) security data: lsdump
2) identity info: ssoconfig
3) resource data: [no publicly available tool as of 9017]
4) schema data: [no publicly available tool as of 9017]
5) meta data: schema editor, go read LAWDIR/system/RmMeta_Default.xml

anything custom, you're on rolling your own.

Kwane
Karen Sheridan
Veteran Member Send Private Message
Posts: 142
Veteran Member

Posted By RickyY on 06/02/2011 04:46 PM
Can JXploerer export data into a file that is readable?

I was looking at JXplorer this morning and I don't see that it does.  Has anyone found a way to do that with JXplorer? 
TBonney
Veteran Member Send Private Message
Posts: 281
Veteran Member
Karen,

Again, not withJExploreer, but with Softerra LDAP Browser 4.5 which is what I use, so I don't know if it can be done with JExplorer. However, I have in the past, exported the query result sets from the LDAP Browser as a csv and subsequently read that file using VBscript.
RickyY
Veteran Member Send Private Message
Posts: 50
Veteran Member
Hi John,

How are you connecting to LDAP using crystal? Perhap, do you know how to connect to ADAM through SQL 2005 and put it into a table? Thanks.