infor.com
concierge
infor u
developer portal
Home
Groups
Lawson - Technology Customer Community [READ ONLY]
Lawson User Report
smcquay
We're looking for a way to get a list of all users including Employee number and SSOP. SSOP should be match our AD since we have an LDAP bind. We are Managed Services and Infor has not been able to assist us in getting a report like this.
Any suggestions?
Find more posts tagged with
Infor Lawson Technology Group - Discussion
Comments
robert-canham
We usually use IPA/ProcessFlow for reporting from Lawson Security for items like this. You can use a Resource Query node to get Identity values back like the Employee number. you would need to do 2 queries though since I don't think you can query multiple services (Employee, SSOP) at the same time.
0911060553270289.pdf
smcquay
Thanks for the quick response Robert! Unfortunately, we have not implemented Process Flow (not sure if we have it) so we do not have that as an option.
unknown
I wonder whether the Decision Analytics - Examiner for Lawson S3 would be to help with this requirement?
moellerg
We're not a hosted customer, and on Unix, but I've written several scripts to obtain similar types of information from RM.
Here's one that produces a report of a group header, and all of the users that belong to that group. You could modify it to return whatever you wanted.
dhidal2
If you are Windows you could run a query against your ADLDS directory to pull this data.
unknown
Robert - Do you have a FLOW you are willing to share?
tom
Would Excel MS Addins allow you to do a quick query on that?
smcquay
Wow! Lots of suggestions! Great response on my first post!
Little more info - We are Windows and hosted (I think I mentioned that) with Financials, HR, Procurement. We have always been hosted since go-live in 2004 (first with Siemens, then Velocity, now Infor). We do not have a Lawson System Administrator at our site, so basically they're stuck with me. My first exposure to Lawson, other than user setup, was with the upgrade to Lawson 10 at the end of 2014.
Peter.Barnes - I haven't heard of Decision Analytics - Examiner for Lawson S3. Can you elaborate?
Greg Moeller - Aha! Something I can read (kind of)! I'll review your script to see if we can adapt it to Windows (if we can even run any scripts - we're pretty locked down since we're hosted.)
dhidal2 - Infor is creating a read-only user to allow us to connect to LDAP. We'll be using Apache Directory Studio or JXplorer. First time to use these tools, so we'll see what we can get from there.
Greg Yoder - We tried to get Infor to tell us what database (MS SQL, btw) and table(s) this information is stored in, but they indicate we need it from LDAP.
unknown
Sandy,
Decision Analytics is 'THE' Lawson Guru - John Henley's Company.
The Software, I believe, consolidates LSA, LDAP, and also Processflow Security information; enabling access across all environments.
unknown
We use SQL and created a Linked Server to our LDAP instance and then created a view that our security analysts could use to view that type of information. I know you are hosted, but that might be something they could do for you and just provide you with a view.
unknown
Softerra LDAP Browser is a useful tool (which is a free download) for querying this type of RM information too. I use it all the time here, for various LS/RM queries.
Depending on how you are setup, a sample query providing Company, Employee and UID for a single user would be similar to the following...
The Filter value for a single user query would be:
(lwsnssoAllAttrValueList=EMPLOYEE:1234)
Or for multiple users:
(|(lwsnssoAllAttrValueList=EMPLOYEE:1234)(lwsnssoAllAttrValueList=EMPLOYEE:4567))
For either, the Search DN value (which would differ by organization, but be similar to what's shown here) would be:
CN=PROD_EMPLOYEE,OU=svcxref,O=lwsnSecData,CN=lwsn,DC=mvn,DC=local
And the Attributes value would be: lwsnssoListOfIDs
unknown
I've used Softerra's LDAP Browser too.
Totally agree - easy to use and is very useful for extracting data from LDAP.
unknown
i use:
adfind (windows) and ldapsearch (TDS)
smcquay
Infor finally got us a read-only connection to our LDAP instance. Here's how we got our list of users with Employee ID, Active Directory ID, First Name, Last Name, and Full Name (just in case it was asked for):
1. Connected to LDAP with JXplorer
2. Found and exported the subtree that contained Employee ID (lwsnssoAllAttrValueList: EMPLOYEE:#####) and Active Directory ID (lwsnssoListOfIDs)
3. Found and exported the subtree the contained Lawson ID/Active Directory ID (cn: or name:) - these are the same for us, First Name (zzlwsnattrFirstName), Last Name (zzlwsnattrLastName), and Full Name (zzlwsnattrName)
4. Loaded previous 2 files into Monarch (data mining tool for those that are unfamiliar with it) and extracted the necessary fields to Excel spreadsheets
5. Combined the 2 spreadsheets into 1 using the Active Directory ID in a VLOOKUP command
It was quite clunky, but once Infor gave us the connection information, we had what we needed within about 4 hours.
Thanks for all the suggestions. If anyone can fine tune this process, we would definitely look at using it for future requests.
unknown
bad admin to give end-user jxplorer. softtera runs much faster than jxplorer because it reads only.
my way, as an admin, write shell script with ldapsearch, and create bookmark for users to extract data.
smcquay
TJ Mann - I call myself looking at Softerra's LDAP Browser, but thought it was only a 30 day trial version. I see now that I was looking at LDAP Administrator instead of LDAP Browser. So, I just downloaded LDAP Browser and already see where I can eliminate step 4. LDAP Brower let me export directly to Excel where JXplorer's only option for export was LDIF.
I would be interested in the details of your shell script (*nix or Windows?) and creating bookmarks if you'd be willing to share.
Infor suggested JXplorer or Apache Directory Services (couldn't connect with this one) when we asked them for suggestions. So . . . bad Infor!
0911060553270289.pdf
moellerg
Sandy: I know I'm late to the party, but I've got an *nix script that I've been running daily from cron that I can share.. it's not real pretty but it does build a pretty decent looking html page from the information... and my SuperUsers just love it! I can share it with all. This script will pull out Group headers and then go through and list all users who belong to that group, but I believe once you get the hang of it, you could pull just about anything from AD/TDS.
moellerg
If you are a Windows shop, you could install OpenLDAP to get the ldapsearch (or similar) command and do the same basic thing.
0712131256598360.doc
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Help
Popular Tags
Infor Lawson Human Resources Group - Discussion
Infor Lawson Technology Group - Discussion
General Discussions
VISUAL - Enterprise General Discussions
Infor Lawson Supply Chain Management - Discussion
Process Automation (IPA) - General Discussions
Pegasus - Partner General Discussions
Infor Lawson Supply Chain Group - Discussion
Infor Lawson Financials Group - Discussion
Infor EPM Discussions