LDAP Bind to Corporate AD for Authentication
unknown
If you currently use LDAP Bind from Lawson to AD please share how you handle these situations.
Name changes - if someone gets married or divorced and changes their login name. How do you manage the audit trail and maintain the history or jobs for that user?
If there is a network ID kwilliams = Kathy Williams, and Kathy leaves and a Karen Williams starts and the network ID kwilliams is reused, is there a way to show the difference, or will the system pick up history from the last kwilliams?
Is there a crosswalk where the Lawson LDAP uses employee # and can map to AD using a corporate Network ID?
Any help or information is appreciated as these are questions in making the decision moving forward with LDAP Bind.
Comments
moellerg
We use employee ID as our login to Lawson. We have this included in a different field in AD. As long as the field types are the same as cn, it should work.
For instance: my network login is doej and we have employee number stored in the wWWHomePage field in our corporate AD, so I can log in to Lawson using my employee number and my corporate AD password (as long as you bind Lawson to the wWWHomePage field instead of cn, or whatever it tells you in the instructions).
Of course, this causes a little extra work on our AD person when employees quit and then return. She likes to assign them brand new AD record ids and sometimes forgets to remove the employee number from the old wWWHomePage field. The user cannot log into Lawson, because it doesn't know which record to associate with.
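A check for the duplicate-attribute condition described in the comment above, as an added example that is not part of the original thread or of any Infor tooling: it reads an LDIF export of AD user records and reports bind-attribute values held by more than one record, plus records with no value at all. The sample entries, DNs and employee numbers are constructed; the export format and the use of `userAccountControl` to show which record is disabled are assumptions about how the directory is dumped.

```python
import base64
from collections import defaultdict

BIND_ATTR = "wWWHomePage"   # attribute Lawson is bound to in the comment above
ACCOUNTDISABLE = 0x2        # userAccountControl bit set on a disabled AD account

# Constructed sample export (LDIF); names and employee numbers are made up.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
wWWHomePage: 10452
userAccountControl: 514

dn: CN=Jane Doe2,OU=Staff,DC=example,DC=com
wWWHomePage: 10452
userAccountControl: 512

dn: CN=Sam Lee,OU=Staff,DC=example,DC=com
wwwhomepage:: MjA3NzE=
userAccountControl: 512

dn: CN=Pat Roe,OU=Staff,DC=example,DC=com
userAccountControl: 512
"""

def parse_ldif(text):
    """Yield one dict per entry; attribute names lower-cased, first value kept."""
    unfolded = text.replace("\n ", "")        # LDIF folds long lines with a leading space
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: ..." marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), value.strip())
        yield entry

def audit_bind_attribute(ldif_text, attr=BIND_ATTR):
    """Return (duplicates, missing): values on >1 record, and DNs with no value."""
    holders, missing = defaultdict(list), []
    for e in parse_ldif(ldif_text):
        value = e.get(attr.lower())            # LDAP attribute names are case-insensitive
        if not value:
            missing.append(e["dn"])
            continue
        disabled = bool(int(e.get("useraccountcontrol", "0")) & ACCOUNTDISABLE)
        holders[value].append((e["dn"], "disabled" if disabled else "enabled"))
    dups = {v: dns for v, dns in holders.items() if len(dns) > 1}
    return dups, missing
```

Any value returned in `duplicates` is an employee number the bind cannot resolve to a single record; a disabled record in that list is the likely stale one left behind after a rehire.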
unknown
We bind to AD but don't use last name for a user ID. With 183 people named Smith, how could you? User ID doesn't change when a name changes and they are not reused.
unknown
We bind Landmark to AD and then federated Landmark and LSF. Our AD user name (and Infor login name) is something like "meadek". However, our user/actor ID for Infor is Employee Number (as a string).
We create an SSOPV2 identity in Landmark for the AD bind and link that identity to the user/actor record. When a user has a name change, the AD record changes which requires an update (delete/add/link) of the SSOPV2 identity to re-link to the actor. If an employee terms, then the AD record is deleted and the user/actor is disabled, so a rehire requires a new SSOPV2 identity to be created and linked in Landmark.
This does require some maintenance, but it avoids the need to delete the entire user/actor record due to a name change or rehire so it retains job history, etc.
One thing to note is that historically Infor developers (and partner developers) assumed that the actorID and loginID would be the same - which they aren't in our case. Because of this, we have had to work with some of the partners to fix their SSO services so they work correctly with our setup. This is less of an issue now, but it still comes up once in a while.
d-hofmann
The delusers utility lets you copy jobs from one id to another. Is that what you are looking to do?
It would just require that you build a separate account for the transfer.
But then you might lose the audit trail.