Prev
Next
Forums Infor / Lawson Platforms S3 Security

Lawson Security 9 (ADAM)

 12 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
RickyY
Veteran Member
Posts: 50
Veteran Member
6/2/2011 5:37 PM
    Have anyone tried extract data out of ADAM (lawson security)? I'm trying to extract data out from it and into table. Any ideas or help will be greatly appreciated. Thanks.

    TBonney
    Veteran Member
    Posts: 281
    Veteran Member
    6/2/2011 6:35 PM
      There are other ways I'm sure...but we use Softerra LDAP Browser 4.5 to query lawson security data. Any query you write can then be exported to a csv file(among other types).

      Softerra LDAP Browser 4.5 is a free, downloadable application, which is a pretty safe route to go, since it is browse-only and therefore prevents unauthorized updates from being made by non-admins.
      mark.cook
      Veteran Member
      Posts: 444
      Veteran Member
      6/2/2011 6:48 PM
        We had that issue a couple years ago, we decided the route for us was to purchase the AVAAP Security dashboard solution. It takes the data out of our LDAP and loads it into Oracle tables nightly. We then can report on it using LBI and have a dashboard rolled out to our key users and internal audit.
        BarbR
        Veteran Member
        Posts: 306
        Veteran Member
        6/2/2011 6:52 PM
          JXplorer is another free LDAP browser. We used Softerra initially, but Lawson recommended JXplorer and that works well too.
          John Henley
          Posts: 3353
          6/2/2011 7:38 PM
            I built solution/utility that does something similar, but with a twist...one of its features is that it includes reports that run directly against the LDAP data (and combine with LOGAN and GEN data) using Crystal.

            Thanks for using the LawsonGuru.com forums!
            John
            RickyY
            Veteran Member
            Posts: 50
            Veteran Member
            6/2/2011 8:46 PM
              Can JXploerer export data into a file that is readable?
              RickyY
              Veteran Member
              Posts: 50
              Veteran Member
              6/3/2011 8:58 PM
                Hi John, do you have an example that you can provide? Thank you.

                ricky
                John Henley
                Posts: 3353
                6/3/2011 9:44 PM
                  Posted By RickyY on 06/03/2011 04:58 PM
                  Hi John, do you have an example that you can provide? Thank you.

                  An example of what?
                  Thanks for using the LawsonGuru.com forums!
                  John
                  Dave Amen
                  Veteran Member
                  Posts: 75
                  Veteran Member
                  6/3/2011 9:56 PM
                    To all,
                    For those who've delved into LDAP with JXplorer or another tool, you've found that a rule, such as inquiry-only access to HR11, is contained in a couple of places:
                    - The HR11 entry, with a tag
                    - The access, with the tag matching HR11's tag, containing INP+-

                    To report out of LDAP you'll need to map the different branches, then link the parts together using the tags that connect everything inside LDAP.

                    Or, if you don't wish to dig in that deeply, it appears that there are 3 tools available that do it for you.
                    I know is is not a forum for advertising, but for information sharing so you know about these. I recommend checking all of them out. You've heard a bit about AVAAP's and John Henley's utility above, and Lawson partner company Kinsey & Kinsey has an Advanced LS9 Reporting tool with this:
                    - Over 40 pre-built queries/reports.
                    - You can easily build custom queries.
                    - Right-click inside query results to instantly retrieve, for example:
                    Everything John Smith can access, and how
                    Who all has access to HR11 and how
                    A list of all users and their Requisitiion ID's
                    Everyone who belongs to one or more specific groups
                    All users in any or all Roles
                    Tokens occurring in more than one Security Class
                    And many more

                    You're welcome to call if you'd like to hear how we built the tool or anything else about it.

                    Best regards,
                    Dave
                    (303) 773-3535
                    Kwane McNeal
                    Veteran Member
                    Posts: 479
                    Veteran Member
                    6/6/2011 2:27 PM
                      Ricky,
                      I think it has been implied by John Henley, but I'll say it for clarity: It depends on what you want to get at:

                      1) Mapping type data (rmid-to-ident_info): I use a script for this. I use either perl or ksh (with the command line LDAP tools) to dump, flatten, and pivot the data as a simple CSV
                      2) Flattened SecObj/Rule Data: This can be done with a script, but is EVIL hard. I did it, but the script was 3000 lines in ksh WITHOUT comments (I know, I know...the client had to have ksh, since no one knew perl or C). Now I'm not suggesting this except for the brave at heart (especially since I had to write a base64 decoder in ksh), but it can be done.
                      In this case I'd suggest a tool like AVAAP or Kinsey.

                      -the safe(r) alternative is-

                      Using a Lawson dump tool, parse their XML formats:
                      1) security data: lsdump
                      2) identity info: ssoconfig
                      3) resource data: [no publicly available tool as of 9017]
                      4) schema data: [no publicly available tool as of 9017]
                      5) meta data: schema editor, go read LAWDIR/system/RmMeta_Default.xml

                      anything custom, you're on rolling your own.

                      Kwane
                      Karen Sheridan
                      Veteran Member
                      Posts: 142
                      Veteran Member
                      6/7/2011 12:37 PM

                        Posted By RickyY on 06/02/2011 04:46 PM
                        Can JXploerer export data into a file that is readable?

                        I was looking at JXplorer this morning and I don't see that it does.  Has anyone found a way to do that with JXplorer? 
                        TBonney
                        Veteran Member
                        Posts: 281
                        Veteran Member
                        6/10/2011 4:40 PM
                          Karen,

                          Again, not withJExploreer, but with Softerra LDAP Browser 4.5 which is what I use, so I don't know if it can be done with JExplorer. However, I have in the past, exported the query result sets from the LDAP Browser as a csv and subsequently read that file using VBscript.
                          RickyY
                          Veteran Member
                          Posts: 50
                          Veteran Member
                          1/5/2012 10:22 PM
                            Hi John,

                            How are you connecting to LDAP using crystal? Perhap, do you know how to connect to ADAM through SQL 2005 and put it into a table? Thanks.