Prev
Next
Forums Infor / Lawson Platforms S3 Security

Password Recovery for ESS Users?

 9 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
jojo.serquina
Veteran Member
Posts: 63
Veteran Member
4/21/2008 2:17 AM

    For those who have implemented LSF90 ESS on Windows environment and ADAM -

    how do you take care of users forgotten password? Do your users call your IT and let the IT folks reset and issue a temporary password? or have you implemented a password recovery application that emails a password reset link to your users and let the users take care of resetting their own password?

    Appreciate the insight.

    jojo.serquina
    Veteran Member
    Posts: 63
    Veteran Member
    4/22/2008 3:13 PM
      I suppose not many are using LSF9 ess?
      John Henley
      Posts: 3353
      4/22/2008 4:19 PM
        All of the clients I have worked with on LSF9 are using ldapbind to bind the passwords to Active Directory, which makes it "someone else's problem"...
        Thanks for using the LawsonGuru.com forums!
        John
        jojo.serquina
        Veteran Member
        Posts: 63
        Veteran Member
        4/22/2008 4:21 PM
          I really like that idea, John

          Eventually, we will do the bind.
          trueblueg8tor
          Advanced Member
          Posts: 41
          Advanced Member
          4/23/2008 12:54 AM

            Like many things there is more than 1 way to do this. I am developing a jsp that prompts the user for some info, binds to our authentication Ldap and sends an e-mail with the temporary password if the info given is correct. It's been my experience that Java (with JNDI) works well with Ldap whatever "brand" you may have. 

            jojo.serquina
            Veteran Member
            Posts: 63
            Veteran Member
            4/23/2008 11:39 AM
              actually, after our ldap is bind, I'll be developing a similar function using coldfusion. maybe something along the lines of each user having a set of questions to answer before getting to the password reset - maybe a combination of ssn, birth date, etc. - information that's stored apart from ldap, then let coldfusion use "net user username password /domain" do it's work
              John Henley
              Posts: 3353
              4/23/2008 2:20 PM
                Microsoft delivers a password change feature (IISADMPWD) with IIS, and there are a number of other solutions out there, so I'd avoid re-inventing the wheel....
                Thanks for using the LawsonGuru.com forums!
                John
                jojo.serquina
                Veteran Member
                Posts: 63
                Veteran Member
                4/23/2008 3:35 PM
                  I have to look into that, John to see if it will work for our needs. But I agree, no need re-inventing the wheel.
                  John Henley
                  Posts: 3353
                  4/23/2008 5:25 PM
                    It's been a while since I looked at it, but I remember there were some security issues associated with deploying it on an internet-facing site and not running SSL, but as long as you use it internally I wouldn't think it's a security risk.
                    Thanks for using the LawsonGuru.com forums!
                    John
                    jojo.serquina
                    Veteran Member
                    Posts: 63
                    Veteran Member
                    4/23/2008 5:30 PM
                      i looked into this iisadmpwd - pretty straightforward asp pages... and yes, since we're not implementing this outside the network, we shouldn't* have a problem not running it in SSL.