Who's On?

	Membership:
	Latest: Zac Shields
	Past 24 Hours: 1
	Prev. 24 Hours: 1
	Overall: 5210

	People Online:
	Visitors: 324
	Members: 0
	Total: 324

Name	Points
Greg Moeller	4184
David Williams	3349
JonA	3291
Kat V	2984
Woozy	1973
Jimmy Chiu	1883
Kwane McNeal	1437
Ragu Raghavan	1372
Roger French	1315
mark.cook	1244

Lawson to AD

5 Replies

0 Subscribed to this topic

27 Subscribed to this forum

Sort:

Author

Messages

Kate Liamero

Veteran Member

Posts: 70

8/3/2007 1:02 PM

We are about to go live on Unix 9.0 with LS Security, Adam Bound, Websphere, Portal , LBI, RSS etc .
Our windows group has just informed us that they are about to retire our current active directory server due to an upgrade for a company wide email project. I need to know what and where we have to change Lawson to point to the new server to authenticate users.
We must get this done and tested this before we go live on or about 8/11 - 8/18

Thanks
Kate Liamero

PS Hope everyone in Minneapolis is safe and unharmed. Our prayers and best wishes are with you.

John Henley

Posts: 3353

8/3/2007 3:01 PM

Hi Kate, you will need to re-do the ldapbind to attach to the new AD server, specifying whatever the user tree(s) are. On the new AD server, they will need to set up a user who has query access to the new tree(s); you specify that user when setting up the binding information. Make sure you are on LSF9 SP2 or SP3, and when you run the ldapbind, choose the "search multiple trees" option (the single tree option doesn't work). Finally, I have also found that sometimes the ldapbind command doesn't write the info exactly correctly, and I need to use an LDAP tool (like ldap browser or jXplorer) to manually update the SSOP BIND entries so that SSO can correctly bind. Make sure you do a backup of your "primary Lawson LDAP" container before you do the ldapbind, and also save a copy of the SSO*.XML file that gets exported to $LAWDIR/system as the first step of the ldapbind.

Barry Ghotra

Veteran Member

Posts: 63

1/2/2008 2:06 AM

JOhn, I need a clarification. I have WAS and ADAM installed. But have not done anything in ADAM besides the basic installation. What is needed to be done prior to installing LSF 9.0. MY understanding is that ldapbind needs to happen, but that's after we have migrated the 8.0.3 MSP 11 to LSF 9.0, correct? what needs to happen in ADAM that LSF 9.0 does not choke? Please provide any insights? Thanks.

John Henley

Posts: 3353

1/2/2008 9:28 PM

Barry, you need to create a DN in which Lawson will store its LDAP data--that DN is then specified during LSF9 install itself. If you are going to use SSL for the LDAP itself (i.e. ldaps), you also need to import the security certificate. The ldapbind itself is done after you've installed and tested everything.

Barry Ghotra

Veteran Member

Posts: 63

5/11/2008 1:51 AM

John, is it possible at all to give a small sample for the DN for ADAM. Also while creating the unique ADAM instance do you need to import all the : MS-User, MS-UserProxy and MS-InetOrgPerson LDFs? need help please!

subserved

Basic Member

Posts: 9

10/2/2008 7:38 AM

I am in the same situation. I have ADAM installed and I imported the user LDIF during the creation of the ADAM instance. My DN is: o=d200,ou=law,o=lawson, ldap admin user is: CN=bwatkins,O=d200,OU=law,O=lawson. Keeps telling me my DN name or password is incorrect. I created a User, using ADAM ADSI Edit and assigned the User to the Administrator's group. Tried logging in with that name in an LDAP browser but unsucessful. I know there is an extra step, but need some guidance. Any suggestions?