Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Systems Administration
Pointing Lawson to an LDAP server with a different Root DN
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Zac Shields
Past 24 Hours:
0
Prev. 24 Hours:
1
Overall:
5210
People Online:
Visitors:
445
Members:
0
Total:
445
Online Now:
New Topics
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Lawson S3 Procurement
RQ13 Approval Info
10/17/2024 2:12 PM
When a Requisition is approved on RQ13, what table
S3 Customization/Development
Read and Write CSV file COBOL
10/9/2024 2:53 PM
Does anyone have a quik example of a program that
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
Infor / Lawson Platforms
S3 Systems Administration
Pointing Lawson to an LDAP server with a different Root DN
Please
login
to post a reply.
3 Replies
0
Subscribed to this topic
27 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
Jonathan Lake
New Member
Posts: 2
10/18/2012 4:11 PM
LDAP is AD bound.
We had implemented our production lawson environment to point to an LDAP that has o=lawsonprd,dc=company,dc=org as the root DN.
Our DR lawson environment was created pointing to an LDAP server that has o=lawsonprddr,dc=companyp,dc=org as the root DN.
We are trying to reconfigure our DR environment to use a replicated LDAP server which is identical to prod. using o=lawsonprd,dc=company,dc=org as the root DN.
Here is what I have done:
ssoconfig -c option 3 and reconfigure this to point to the different ldap server. lase fails to start.
I edited $LAWDIR/system/RMApiInit.properties and updated all the hard coded LDAP DN's to reflect what it should look like to make this work. Lase now starts, however smoke tests fail with:
Error: Failed to authenticate user lawson
Message: com.lawson.lawsec.authen.LSFSecurityAuthenException:Message:javax.crypto.BadPaddingException: pad block corrupted. This is where I am stuck.
It is my understanding there is some encryption mismatch. I did an ssoconfig -c to export the services and identities, and the items causing problems are put in the lase_server log. The services export fine, the identities provide a huge list of what could not be exported. I am stuck and not sure what to do next.
I don't know if re-doing an ldap bind would help (I wouldn't think so but could be worth a try).
If deleting and recreating users in ldap would help any.
I'm hoping to get this resolved for our DR test this weekend.
Jonathan Lake
New Member
Posts: 2
10/18/2012 6:56 PM
I have found that if I do an ldapbind on our DR server, ssosmoketest works and I can bring up the environment. However, this breaks our prod environment, giving the cell padding errors with the ssosmoketest.
Is there a way to move our DR server to use the same LDAP instance as our prod server without breaking either environment?
Roger French
Veteran Member
Posts: 549
10/18/2012 9:04 PM
I think you're going down a path that will give you more headaches. It sounds great in theory, but I don't think it's going to work.
One Lawson environment requires one Lawson LDAP.
Another Lawson environment requires another, separate Lawson LDAP.
Not recommend and most likely not doable (I've never done it) to have a single Lawson LDAP for two separate Lawson environments.
Both Lawson environments can be bound to your organization's AD (used for sso passwords) using the ldapbind tool.
John Henley
Posts: 3353
10/19/2012 11:50 AM
I'm trying to understand what you're attempting, but it's confusing to mix "ldapbind" with "ldap repository", as the two are different.
As simply as I can explain:
- "ldapbind" (when referring to LSF) is the authentication mechanism used by Portal (the SSOP service) to authenticate a user. Where it gets confusing is that LSF also uses an ldapbind internally against it's own repository in addition to the SSOP authentication. So in the $LAWDIR/system/install.cfg, the LDAPBINDDN parameter is the internal ldapbind --- not the SSOP service's ldapbind. So you have to be very specific about which ldapbind you're talking about. For some clients, ldapbind for SSOP is done against the Lawson internal LDAP repository (i.e. LSF manages SSOP passwords); for others SSOP is bound to a corporate LDAP, typically Active Directory.
- "ldap repository" is the container used by LSF to store security-related data (i.e. users, their identities, security classes, roles/rules).
For your DR test, I'm assuming you have a separate DR LSF environment, on a separate server, on a separate network.
Are you trying to point that environment, which contains it's own LDAP repository, to a different AD for ldapbind for SSOP ?
Or are you trying to copy the production LDAP repository to update/replace the DR LDAP repository so that you have a refreshed copy of the users, security rules, etc.?
Please
login
to post a reply.