Does anyone know how the ldapbind to AD works?

It's in your ldap store.

The LDAP bind is an ssoconfig process that tells Lawson how to access your corporate LDAP and what attribute to use for authentication.  The external LDAP will then be used for authentication.  When a Lawson user attempts to log on, the password entered is compared against the password stored on the LDAP.  The user password for SSOP is "greyed out" once you complete the bind. 

Once authenticated, a cookie is stored on the browser with the session ID that is retained for that session.  This part would be the same for local password management or an LDAP bind. 

Hope that helps.

I think Greg means the credentials associated with each portal session login not the credentials used be SSO to authenticate to AD...is that correct?

Yes, that's correct, John. What's happened is we need to pass the AD credentials to a third party system after login is successful to Lawson, so we can do a SSO type thing, and have that third party system loaded/integrated with ESS.

If stored in a cookie somewhere, that'd be great. Also, what is the content of the cookie? Their may be other values that we need to pass as well.

The cookie only has the session id, which comes from Lawson SSO--NOT AD.

Have you looked into setting up the third party system in ssoconfig to allow it to participate in Lawson SSO?

Note that all we've learned in LSF9 changes when you get to LSF 10:))

it depends how many users you have to pass credentials for, but have you condsidered setting up a bookmark to the remote
system as a Black Box Service. WAY too involved for me to explain here in detail though, sorry.