Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Security
Mass Deleting Users in LSF 9
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
218
Members:
0
Total:
218
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
Infor / Lawson Platforms
S3 Security
Mass Deleting Users in LSF 9
Please
login
to post a reply.
32 Replies
0
Subscribed to this topic
15 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Page 1 of 2
1
2
>
>>
Author
Messages
Ellen Melton
Advanced Member
Posts: 28
12/11/2007 8:41 PM
Has anyone found a way to mass delete users in LSF 9 - kinda the reverse of loadusers?
Our migration of users from 8.0 to LSF9 was a total mess. I'd like to basically start over for about 90% of our users. I've got the loaduser xml ready but I know it will fail because the existing users are tied to the SSOP identities that I'll be trying to load - hence I need to delete all the existing RMIDs.
Any methods other than manually doing all 5500 one-by-one??
John Henley
Posts: 3353
12/11/2007 8:53 PM
Ellen, do you want to keep the RMIDs the same, and just override the SSOP / OSID?
Ellen Melton
Advanced Member
Posts: 28
12/11/2007 8:59 PM
No, I don't want to keep the same RMID. Background: Our old network ID standard was firstname-lastname. Our new one is employee number. In LSF 9, my plan was to create RMIDs based on the employee number with the SSOP ID tied to the old standard (for those that had not yet been converted). This will keep me from creating new RMIDs as each user gets their network ID renamed to the new standard. All I would need to do is to change the SSOP ID.
However, all the user migration took place before I got a chance to layout my plans. And the person who did the migration really messed up the user records. Almost all of them were setup incorrectly.
So I'd basically like to start over with the majority of the users.
John Henley
Posts: 3353
12/11/2007 9:05 PM
Are you live? In other words, do these users have jobs, etc. that need to be retained?
Ellen Melton
Advanced Member
Posts: 28
12/11/2007 9:06 PM
Not yet live which is why I want to do this now before we begin having history tied to the RMIDs
John Henley
Posts: 3353
12/11/2007 9:40 PM
I can think of a few different ways (in increasing order of difficulty):
1. ProcessFlow Integrator includes the capability to delete users. If your organization doesn't own it, they should.
2. Code up a script that loops thru a file and executes ssoconfig commands for each user.
3. Create an ldif export from the LDAP repository, edit out the users you want to remove (making sure you leave the lawson, pfuser, etc.), delete the LDAP repository and then recreate it. If you're not very familiar with LDAP and Lawson's implementation, this will be a painful and time-consuming approach.
At a minimum, MAKE SURE YOU BACK UP THE LDAP REPOSITORY FIRST!
Ellen Melton
Advanced Member
Posts: 28
12/12/2007 2:12 PM
We don't have Integrator and none of us are very familiar with LDAP yet - even our LDAP administrator!! I'll see if my developers can consider a script - guess in the meantime, I'll start manually deleting them. I just wanted to make sure that I hadn't missed a Lawson delivered command that would do it. Guess this will be my next Enhancement Request.
May God bless you this Christmas season for your willingness and generosity to share your skills and knowledge. Merry Christmas.
cdodrzywolski
Basic Member
Posts: 21
11/17/2008 7:19 PM
Hello,
I am looking to do the same thing, as far as deleting users go. We also have a bunch of employees that need access to ESS and we add or delte them as they are hired or terminated.
Did you arrive at a good solution?
Thanks :-)
beverly godwin
Veteran Member
Posts: 143
8/18/2009 8:00 PM
There is a few utility commands in the Lawson Administration: Resources and Security (Deleting Security Data from the LDAP Repository Using the lsdelete Utility). I'm not sure if this is one of the 'tools' that the manual specifically states not to use:
"Do not use LDAP data tools to make changes to your Lawson data."
This command removes profiles, security classes, element groups, roles.
Alex Tsekhansky
Veteran Member
Posts: 92
8/19/2009 1:30 AM
I wrote a script that emulates deletion of the users via LSA. It's only 3 Portal web calls per user to be deleted, and they're easy to capture with fiddler.
Note that Lawson has a limit of 1000 users deleted per Lawson instance before restarting the instance. It's a strange limit, and it's hardcoded in some of the Java code. Still - if you divide a user list into 900 users per file, and restart environment after each one, you will be Ok.
I suggest using that mechanism instead of direct LDAP modifications as it goes through Lawson routines.
Thanks.
Alex.
John Henley
Posts: 3353
8/19/2009 2:34 PM
I, there is a new -u flag in loadusers in 9.0.1.4 to delete users.
beverly godwin
Veteran Member
Posts: 143
8/19/2009 3:08 PM
I was just told by GSC that as of 9.0.0.7 there is a -u flag on laodusers to remove users from LDAP/ADAM only. This is JUST what I was looking for.
beverly godwin
Veteran Member
Posts: 143
8/19/2009 6:06 PM
How would I create the xml file to use to mass delete these? Is there a way to dump out all users from ldap in proper xml format, remove those not to be deleted and then run the loadusers with the -u option?
It would be nice if the xml file could just contain the rmid of the users to be deleted and not have to include all items that are generally on the upload file for each user..
John Henley
Posts: 3353
8/19/2009 6:58 PM
It only needs to include the IDs, not the details.
ChrisO
Basic Member
Posts: 21
8/20/2009 12:18 PM
Cool thanks all, i am going to try this when we get time. I'll let you know how it comes out.
beverly godwin
Veteran Member
Posts: 143
8/20/2009 1:02 PM
This assistance is greatly appreciated, I'm struggling to find good documentation on this new feature.
This will remove all items from ldap/adam for the users right?
Is this what I'm looking at for the xml file for the delete loaduser option??
John Henley
Posts: 3353
8/20/2009 7:19 PM
Get the LATEST version of the Lawson LSF9 "Resources & Security" documentation (the 9.0.1.4 version of the documentation has some examples of using loadusers to delete users). You will have to dig for the documentation. The one under the "Document Library" in the Lawson KB is out-dated--you have to go through the Product Downloads to LSF9 to the Documentation link to get to the latest one.
beverly godwin
Veteran Member
Posts: 143
8/21/2009 2:57 PM
So I got the loadusers command to work with the -u option to remove the users and their identities from ldap (1700 users removed). See solution below for those on lsf 9.0.0.7 and greater.
I am having trouble getting my business users out, due to default domain, so I'm fighting with that issue now. We've not yet done the ldap bind. I'll just manually delete my 74 business users for now...
my command: loadusers -f delusers5.xml -p LAWAPP8 -d UMC -u
book example: loadusers -f filename -p defaultProdLine -d defaultDomain -u -g username
my file: (the empty tags for roles/identities/groups may not be needed)
beverly godwin
Veteran Member
Posts: 143
8/21/2009 3:02 PM
wow..so my xml file is not showing in the post..here is another attempt..I took out the <> tag identifiers to see if this will show in the post.
?xml version="1.0" encoding="ISO-8859-1" ?
XML
ROLEDATA
/ROLEDATA
GROUPDATA
/GROUPDATA
USERDATA
USER ID = "AlishaB"/
USER ID = "MohammedB"/
/USERDATA
IDENTITIES
/IDENTITIES
/XML
TBonney
Veteran Member
Posts: 281
4/23/2010 11:22 AM
Beverly,
Please clarify if using the -u switch in loaduser utility gets rid of the user profile in LSA too, or just in LDAP/ADAM.
Also, were you ever able to find documentation on use of the utility in the 9.0.1.4 guide or the 9.0.0.7 guide? Thank you!!
CindyW
Veteran Member
Posts: 169
5/4/2010 2:50 PM
The Lawson Administration: Resources and Security document covers the Loadusers -u functionality. It's on page 164.
I don't think it removes the user from Lawson Security though, so it seems there would be a proper sequence to follow. Can anyone confirm this?
TBonney
Veteran Member
Posts: 281
5/7/2010 5:30 PM
Cindy,
Thank you for your post. Sorry for the confusion on my last post. I know that the -f switch simply referes the job to look to the designated file for input. I am familiar with using this switch with the loadusers utility to load users. That is how we add most of our new users. I had thought that one of the previous posts stated there was simply a different switch to be used to delete users as opossed to loading them.
However, based on your post, in order to use the same utility to delete users, is it as simple as updating the xml file with blank elements, except for the user id element as you've shown?
Thank you for any additional guidance you might provide.
beverly godwin
Veteran Member
Posts: 143
5/7/2010 5:37 PM
it is the -u at the end that you have to use when you are 'deleting' vs adding users. you have to have the rmid filled in also..but know that the 'rmid'..is the sso identity id and not the id that is showing for the person on the rm record between the first & last name...in my case they usually will match, but not always
Dean Rochester
Advanced Member
Posts: 32
5/7/2010 5:47 PM
if you are not using lsf9 security but still using laua security, does this take care of that clean up too and also the /etc/passwd entry too?
beverly godwin
Veteran Member
Posts: 143
5/7/2010 6:07 PM
I do not fully understand the question here. (/etc/passwd entry??). We are on laua and not lsf9 security. I've not deleted users in a while, but for emss users, they are simple and done as mentioned with the load users. If you have a business user that has a laua security class other than the mass emss class...then I think it would be best to go in and take out their security class..even though they should not be able to log onto portal once the rm record is removed...but they could still get into LID technically. Also when removing someone's laua security class...know that it is tricky when you want to remove laua security class..because if someone is w/o a class..they automatically get the security of Mr. Default...so I usually create a security class called DISABLE that has pretty much no access and give that to people I want disabled...sounds crazy I know..but felt the need to share.
Please
login
to post a reply.
Page 1 of 2
1
2
>
>>