Dumping out Identity information for users in Lawson Security

Are you using SQL Server? If so you can create a linked server to your ldap instance and write a query to extract the data. You might be able to do it in Oracle or DB2, but I don't know how.

You can use ProcessFlow ResourceQuery (and if you have ProcessFlow Integrator you can write to a file via FileAccess node). You can also dump using ssoconfig.

If you are wanting to dump all identities you can also use SSOConfig.

I have a totally different way to dump requester identities. Using LdapAdmin, I log into the ADAM server and dump two branches - the Resources (all RM information) and the Requester tree (a different branch). Both dumps are ldif files. Then I wrote a relatively simple bit of VBA in an Excel file which parses the Resources into a flat file which loads into Excel and gives all RM information. The Requester info is a bit more complicated - it is stored "backwards" with RM's as 1-or-more entries for any given Requester ID. My VBA "flattens" this info out. To link it all into one spreadsheet, I have to add an extra column in the Resources spreadsheet and do a V-lookup on the RMID to the Requester info.

Sounds daunting, but actually it's very powerful and goes real fast.

We purchased a script from AVAAP that dumps our LDAP information into Oracle tables. We then Report off that data using a security dashboard with 20 + reports they designed. Our script runs for about 8 minutes a night and has made reporting off any LDAP info a breeze.

you can dump ELGRP,PROFILE and SECURITY uning lsdump and lsload.

As far as the user setup information as someone mentioned you can use processflow Intergrator Resource query and file acess and message builder to dump the fileds.

The simplest of all is Processflow. All I have is the Pro version. Just note that the more data you output the longer it takes. My simple name and email takes 20 minutes.

You can also use the ssoconfig from the command line in Unix.

ssoconfig -c

5 Manage Lawson Services

6 Export Serivce and identity info

And if you only want one service, you would chose NO

Then specify which service you want to pull

The rest is pretty self explanitory.

 

Posted By ccubitt on 02/01/2010 08:31 AM

You can also use the ssoconfig from the command line in Unix.

ssoconfig -c

 

This is the method I usually use.  It's quick and easy and gives an XML file that's pretty simple to parse out.
 

John Desmarais

You can also dump the information using ldifde or csvde.  I use csvde and parse the resultant .csv file programmatically to clean up the dump.  Here's the syntax I use to dump the rm and sm information.

ldifde -j d:\adam_export -f c:\adam_export\rmldif.ldif -s chocnt-107.ad.choc.org -d "OU=resources,O=lwsnrmdata,CN=lwsn,DC=choc" -v -a cn=root,cn=lwsn,dc=choc *

ldifde -j d:\adam_export -f c:\adam_export\mdldif.ldif -s chocnt-107.ad.choc.org -d "OU=idxref,O=lwsnSecData,CN=lwsn,DC=choc" -v -a cn=root,cn=lwsn,dc=choc *

csvde -f d:\adam_export\sm.csv -s chocnt-107.ad.choc.org -j d:\adam_export -d "OU=idxref,O=lwsnSecData,CN=lwsn,DC=choc" -v -a cn=root,cn=lwsn,dc=choc *

csvde -f d:\adam_export\rm.csv -s chocnt-107.ad.choc.org -j d:\adam_export -d "OU=resources,O=lwsnrmdata,CN=lwsn,DC=choc" -v -a cn=root,cn=lwsn,dc=choc *
 

Jim

I could be completely over simplifying but if you are strictly going after Requester IDs go straight to the source and dump via MS Add-ins the RQ04 table. It all depends how you have your requesters set up. If there is a generic requester id that many utilize then forget my approach. This is how I am able to get our requesters.
Holly

Dumping the Requester table doesn't tell you which logins are associated witha requester. I also use the ssoconfig -c and find it does the job quickly.