Hello,
We are required to automate user setup for Lawson and get the user(s) into 3 areas. Forgive me if my terminology is off, I am going from docs provided by the client. The 3 areas are RM data, Lawson Portal and Lawson Process Flow Admin. I have knocked off all but 4 fields the client requires. I am using a combination of loadusers and direct DB access to accomplish the task. The final 4 fields I'm missing show up under Modify Lawson Environment Information. They are Printer Group, Job Queue Group, Required Fields and Printer Name. I do not see these fields listed in the available fields for loadusers and attempting to use these fields(guessing at the names) yields a NoSuchAttribute exception.
I am beginning the hunt for these fields, but thought I may find some direction here from the gurus.
Thanks for any advice.
Best Regards,
Chuck
Update: I found the fields in the gen_db database within the R_USER and USERINFO tables. what I don't see is how the username field, which is the key in these tables and is of the format NTxxxxxxxxxx, links up with the requester and wf_rm_id fields used in the pd90_db and logan_db databases respectively. it looks like they are just sequential hex numbers, however I'm wondering if there's a table etc. which contains both the username and wf_rm_id fields. can anyone provide direction as to how to link these?
You can try to populate/change the Environment service identity for each user. If you have a few users you can do it in Security Administrator; if you have many you'll have to create the XML file for the identities and the load them in loadusers.
I would not recommend backending data into the tables/fields you mention unless you really know what you are doing. The NT**** id's are the OS id's (you're on windows).
Roger
Posted By Chuck on 12/03/2009 08:13 AM Hello, We are required to automate user setup for Lawson and get the user(s) into 3 areas. Forgive me if my terminology is off, I am going from docs provided by the client. The 3 areas are RM data, Lawson Portal and Lawson Process Flow Admin. I have knocked off all but 4 fields the client requires. I am using a combination of loadusers and direct DB access to accomplish the task. The final 4 fields I'm missing show up under Modify Lawson Environment Information. They are Printer Group, Job Queue Group, Required Fields and Printer Name. I do not see these fields listed in the available fields for loadusers and attempting to use these fields(guessing at the names) yields a NoSuchAttribute exception. I am beginning the hunt for these fields, but thought I may find some direction here from the gurus. Thanks for any advice. Best Regards, Chuck Update: I found the fields in the gen_db database within the R_USER and USERINFO tables. what I don't see is how the username field, which is the key in these tables and is of the format NTxxxxxxxxxx, links up with the requester and wf_rm_id fields used in the pd90_db and logan_db databases respectively. it looks like they are just sequential hex numbers, however I'm wondering if there's a table etc. which contains both the username and wf_rm_id fields. can anyone provide direction as to how to link these?
no problems populating the tables mentioned in testing thus far.
we are in the process of integrating an identity management system which allows management of identities across the enterprise and it's resources from a single app. so all steps the client takes in user setup must be completely automated. it would be nice if Lawson made this a bit easier and provided better docs, but what can we do?
thanks for your response.
cheers
We actually wrote an interface to LSF9 for CA IM. It supports both Resource Manager and LAUA, and it works quite well for user add/terms, password changes, group mods, role mods, etc.
Did you get your connector done?
What IM product are you using?
Posted By fred.kobos on 03/10/2010 07:11 AM I have had an interface for 1 1/2 years that works just fine. Besides r_user and userinfo I also update USERGRPDTL in gen
Fred, if you going to automate LAUA, then I don't think usergrpdtl is an option.. ;-)
Posted By Chuck on 03/10/2010 07:18 AM yes, I was able to get an interface up and running. we have integrated sun's identity manager with lawson. it's a mix of loadusers, sql and ldifde. works for any user info we need to add/modify/delete per the client's requirements. thanks again for the assistance.
We stayed with importdb (LAUA) and loadusers. We had initially done some direct updates to LDAP, but Lawson basically says that doing so will void the warranty.
Posted By fred.kobos on 03/10/2010 07:28 AM I am only using a processflow which runs daily.
Ah, yes. Processflow can certainly do a lot of this. I think we're talking about a more comprehensive IAM solution that touches Lawson plus other apps, so we can't just use processflow. Great tool though!
can you point me to specific info on voiding the warranty? when I initially brought this project to a contact I was put in touch with at Lawson he provided me all the info I needed on the ADAM tree and DBs, however failed to mention anything about voiding warranties.(which I hope he would have)
the direct ADAM access is used for querying, which IDM requires, and removing user entries. the client is not yet on the version of loadusers which supports removing entries and has no immediate plans to upgrade.
thanks for the info.
Posted By Chuck on 03/10/2010 11:08 AM can you point me to specific info on voiding the warranty? when I initially brought this project to a contact I was put in touch with at Lawson he provided me all the info I needed on the ADAM tree and DBs, however failed to mention anything about voiding warranties.(which I hope he would have) the direct ADAM access is used for querying, which IDM requires, and removing user entries. the client is not yet on the version of loadusers which supports removing entries and has no immediate plans to upgrade. thanks for the info.
Oh, okay, I didn't communicate well. They said you voided the warranty (you'll have issues with their support team) if you *modify* LDAP. We use it for searches. If you do that, you're fine. (Really, you can't do anything if you don't search LDAP/RM.)
We found a trick with loadusers to make it work. :-)
Posted By fred.kobos on 03/10/2010 11:07 AM Dustin, It is automated using processflow and I needed to use usrgrpdtl. It is one of the files that gets updated if you manually put in a new user using laua. FYI: I am on the iseries.
Hi Fred! Glad you got that working so well. So you are fully automated with user creations/terms in Processflow? Good job. We, and apparently Chuck, had to plug LSF9 into a Identity Management solution that is used for all enterprise apps (including LSF9), so we went that route.
I do know one of our clients is changing to Processflow for self-service users since that can be pulled out of the bigger IM solution.
So you guys are running LSF9 on iSeries?
Posted By fred.kobos on 03/10/2010 01:26 PM I am 901 for env and apps. I have been using LDAP and LAUA. I am currently working on 90 security.
Hi Fred! Let me know how it goes. It's really nothing exciting to get lsf9 security going (at least on the provisioning end). Now, for the actual LSF9 admin staff, that's another matter.. ;-)