Sync Employee Data

 3 Replies
 3 Subscribed to this topic
 52 Subscribed to this forum
Sort:
Author
Messages
mcarlson
New Member
Posts: 7
New Member

Has anybody had any experience using Process Flow to synchronize Lawson Employee Data with Active directory? 

Our AD is a bit of a mess right now and we would like to get the data in sync with Lawson.  We would need to get the existing data 

over to AD (Specified fields), and then maintain the data moving forward.  Infor indicated that Process Flow would be the tool to 

do this, but we would like to hear from somebody who is currently using it for this purpose.

 

Thanks!

KK - Infor
Veteran Member
Posts: 61
Veteran Member
I have done this at a couple of different clients.
There are quite a few different ways to approach this.
- You may directly filter and dump the fields from Lawson LDAP using any LDAP Browser or
- Use PFI to
- Inquire the fields from the Lawson LDAP using the RM Query Node
- Massage the data to create an ldif file for your AD
- Load the ldif file into AD
John Henley
Posts: 3362
As KK says, to do this from IPA, there is not a direct way to update AD, you have to use ldif file.

See this thread for some ideas:
https://www.lawsonguru.co...-of-users-using-ipa/

(shameless self-promotion)
The Examiner for Lawson S3 product (https://www.danalytics.co...erforLawsonS3.aspx)) has a feature that updates/synchronizes between your AD and HR11, but currently doesn't do the AD user provisioning. Examiner also has a feature to detect "orphan" Lawson SSOP identities (i.e. they no longer match AD accounts so the user is no longer a valid user).
Thanks for using the LawsonGuru.com forums!
John
Kwane McNeal
Veteran Member
Posts: 479
Veteran Member
In addition to all of this, I have written tools to update AD from Lawson, and there are a number of considerations
1) You'll need to make a connection to AD using SSL
2) You will be using some form of LDIF or a security connection using straight BER encoding (see RFC 4522)
3) The password will need to be encoded
4) You'll need a sure mapping from HR11 to AD sAMAccountName. This will almost certainly require the use of a user field or an unused field on HR11. This would also most likely require your HR staff to determine what the name should be.
5) Deleting from AD is best handled by AD Admins. I would at most disable an account, and even then that would need to be considered carefully.

IPA can do this, BUT you'd end up calling a system level process to do the updates to AD.