Lawson - Technology Customer Community [READ ONLY]
Anyone reusing corporate LDAP users that are Infor LDAP bound?
unknown
We are implementing Infor TM and LSF and will be LDAP bound.
Of course I want the Infor users to match the LDAP users.
I recently found out our organization re-uses AD accounts and I am wondering how that impacts Infor and audits, for example.
Scenario
Annette Bice employee 12345 is a current employee. AD account/Infor account is abice and associated to employee 12345
Annette Bice terms in December 2015
Amy Bice hired in May 2016 and security reuses AD abice with association to her employee 45678
I am not a security person. I have not been able to find an Infor contact that reuses AD accounts.
I know that if Annette Bice was a 'worker bee' and HRAdmin would look at an audit record in TM, they would see user 'abice'. They would have to look at the date stamp and then ask our Security team who the user was at that point in time if need be. Other than that, I'm not sure of other repercussions.
Any input would be appreciated
Comments
jon-athey
Our IT changed the format for AD accounts a couple years ago probably for reasons like this. We used to be similar to you - jdathey [first initial][middle initial][first 6 characters of last name]. Now we're D12345 [first letter of birth month][employee number]. Employee numbers are sequential and never repeated so there's no reusing of AD accounts.
unknown
Thanks Jon. This has been a 'battle' for IT Depts for years.. at least from my perspective. But I guess here, the HR Dept will not allow empl id's to be used as they should be considered 'like a ssn' for your work... people can payroll deduct, etc by using empl id and badge #'s.. so that is a battle that was previously battled before I came on board
jreese
Like Jon's company, we used to reuse AD accounts but stopped doing this because we were having issues where the id was still in the LDAP directory and when you attempted to add the AD account to another user it wouldn't match so it wouldn't allow the new account to be created until you cleared the old one from LDAP.
unknown
You don't have to bind to the sAMAccountName. You can bind to any attribute or create a "new" attribute that you can make sure is unique. The attribute can't be all numbers....we went down that rabbit hole.
We created a new attribute with our company initials pasted with their employee number. Their password will remain the network password.
jon-athey
I see. Here, if you're going to payroll deduct anything like at cafeteria or gift shop you have to present your badge otherwise pay with cash or cc. There may be some risk but I'd think it would be minimal.
That change did make things a little more difficult for me. Managing req approvals in ProcessFlow and identifying users in PO and IC audit screens is a pain because you can't know who they are based on the AD account. I have to log into Resource Manager which our IT Security was nice enough to give me inquiry access to.
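The point-in-time lookup described in the original post (audit record shows 'abice', so check the date stamp against who held the account then), as an added example that is not part of the thread or of any Infor product. It assumes the security team keeps an assignment history per login; the table layout, exact dates and audit rows are constructed from the Annette/Amy scenario.

```python
from datetime import date

# Constructed assignment history: (login, employee_id, valid_from, valid_to).
# valid_to None means the login is still assigned. Exact days are assumptions;
# the post only gives "December 2015" and "May 2016".
ASSIGNMENTS = [
    ("abice", "12345", date(2010, 1, 4), date(2015, 12, 31)),
    ("abice", "45678", date(2016, 5, 2), None),
]

# Constructed audit rows as an application might store them: login and date only.
AUDIT_ROWS = [
    ("abice", date(2015, 11, 20), "pay rate change"),
    ("abice", date(2016, 2, 10), "address change"),   # falls in the gap
    ("abice", date(2016, 6, 15), "pay rate change"),
]

def resolve(login, when, assignments=ASSIGNMENTS):
    """Return the employee id that held `login` on `when`, or None if nobody did."""
    for acct, emp, start, end in assignments:
        if acct == login and start <= when and (end is None or when <= end):
            return emp
    return None

def reused_logins(assignments=ASSIGNMENTS):
    """Logins that have been assigned to more than one employee id."""
    owners = {}
    for acct, emp, _start, _end in assignments:
        owners.setdefault(acct, set()).add(emp)
    return {acct for acct, emps in owners.items() if len(emps) > 1}

def attribute(rows, assignments=ASSIGNMENTS):
    """Attach the point-in-time employee id and review flags to each audit row."""
    reused = reused_logins(assignments)
    result = []
    for login, when, action in rows:
        emp = resolve(login, when, assignments)
        result.append({
            "login": login, "date": when, "action": action,
            "employee": emp,
            "login_reused": login in reused,  # the login alone is ambiguous
            "unassigned": emp is None,        # activity while nobody held the login
        })
    return result

if __name__ == "__main__":
    for row in attribute(AUDIT_ROWS):
        print(row)
```

A row flagged `unassigned` is activity on a login during a period when the history says no employee held it, which is the case worth escalating first.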