PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 1/5/2012 10:22 PM by  RickyY
Lawson Security 9 (ADAM)
 12 Replies
Sort:
You are not authorized to post a reply.
Author Messages
RickyY
Private
Private
Veteran Member
(110 points)
Veteran Member
Posts:50


Send Message:

--
6/2/2011 5:37 PM
    Have anyone tried extract data out of ADAM (lawson security)? I'm trying to extract data out from it and into table. Any ideas or help will be greatly appreciated. Thanks.

    TBonney
    Private
    Private
    Veteran Member
    (640 points)
    Veteran Member
    Posts:276


    Send Message:

    --
    6/2/2011 6:35 PM
    There are other ways I'm sure...but we use Softerra LDAP Browser 4.5 to query lawson security data. Any query you write can then be exported to a csv file(among other types).

    Softerra LDAP Browser 4.5 is a free, downloadable application, which is a pretty safe route to go, since it is browse-only and therefore prevents unauthorized updates from being made by non-admins.
    mark.cook
    Private
    Private
    Veteran Member
    (1244 points)
    Veteran Member
    Posts:444


    Send Message:

    --
    6/2/2011 6:48 PM
    We had that issue a couple years ago, we decided the route for us was to purchase the AVAAP Security dashboard solution. It takes the data out of our LDAP and loads it into Oracle tables nightly. We then can report on it using LBI and have a dashboard rolled out to our key users and internal audit.
    BarbR
    Veteran Member
    (888 points)
    Veteran Member
    Posts:306


    Send Message:

    --
    6/2/2011 6:52 PM
    JXplorer is another free LDAP browser. We used Softerra initially, but Lawson recommended JXplorer and that works well too.
    John Henley
    Private
    Private
    Senior Member
    (9899 points)
    Senior Member
    Posts:3317


    Send Message:

    --
    6/2/2011 7:38 PM
    I built solution/utility that does something similar, but with a twist...one of its features is that it includes reports that run directly against the LDAP data (and combine with LOGAN and GEN data) using Crystal.

    Thanks for using the LawsonGuru.com forums!
    John
    RickyY
    Private
    Private
    Veteran Member
    (110 points)
    Veteran Member
    Posts:50


    Send Message:

    --
    6/2/2011 8:46 PM
    Can JXploerer export data into a file that is readable?
    RickyY
    Private
    Private
    Veteran Member
    (110 points)
    Veteran Member
    Posts:50


    Send Message:

    --
    6/3/2011 8:58 PM
    Hi John, do you have an example that you can provide? Thank you.

    ricky
    John Henley
    Private
    Private
    Senior Member
    (9899 points)
    Senior Member
    Posts:3317


    Send Message:

    --
    6/3/2011 9:44 PM
    Posted By RickyY on 06/03/2011 04:58 PM
    Hi John, do you have an example that you can provide? Thank you.

    An example of what?
    Thanks for using the LawsonGuru.com forums!
    John
    Dave Amen
    Private
    Private
    Veteran Member
    (209 points)
    Veteran Member
    Posts:75


    Send Message:

    --
    6/3/2011 9:56 PM
    To all,
    For those who've delved into LDAP with JXplorer or another tool, you've found that a rule, such as inquiry-only access to HR11, is contained in a couple of places:
    - The HR11 entry, with a tag
    - The access, with the tag matching HR11's tag, containing INP+-

    To report out of LDAP you'll need to map the different branches, then link the parts together using the tags that connect everything inside LDAP.

    Or, if you don't wish to dig in that deeply, it appears that there are 3 tools available that do it for you.
    I know is is not a forum for advertising, but for information sharing so you know about these. I recommend checking all of them out. You've heard a bit about AVAAP's and John Henley's utility above, and Lawson partner company Kinsey & Kinsey has an Advanced LS9 Reporting tool with this:
    - Over 40 pre-built queries/reports.
    - You can easily build custom queries.
    - Right-click inside query results to instantly retrieve, for example:
    Everything John Smith can access, and how
    Who all has access to HR11 and how
    A list of all users and their Requisitiion ID's
    Everyone who belongs to one or more specific groups
    All users in any or all Roles
    Tokens occurring in more than one Security Class
    And many more

    You're welcome to call if you'd like to hear how we built the tool or anything else about it.

    Best regards,
    Dave
    (303) 773-3535
    Kwane McNeal
    President
    Private
    Veteran Member
    (1431 points)
    Veteran Member
    Posts:477


    Send Message:

    --
    6/6/2011 2:27 PM
    Ricky,
    I think it has been implied by John Henley, but I'll say it for clarity: It depends on what you want to get at:

    1) Mapping type data (rmid-to-ident_info): I use a script for this. I use either perl or ksh (with the command line LDAP tools) to dump, flatten, and pivot the data as a simple CSV
    2) Flattened SecObj/Rule Data: This can be done with a script, but is EVIL hard. I did it, but the script was 3000 lines in ksh WITHOUT comments (I know, I know...the client had to have ksh, since no one knew perl or C). Now I'm not suggesting this except for the brave at heart (especially since I had to write a base64 decoder in ksh), but it can be done.
    In this case I'd suggest a tool like AVAAP or Kinsey.

    -the safe(r) alternative is-

    Using a Lawson dump tool, parse their XML formats:
    1) security data: lsdump
    2) identity info: ssoconfig
    3) resource data: [no publicly available tool as of 9017]
    4) schema data: [no publicly available tool as of 9017]
    5) meta data: schema editor, go read LAWDIR/system/RmMeta_Default.xml

    anything custom, you're on rolling your own.

    Kwane
    Karen Sheridan
    Private
    Private
    Veteran Member
    (367 points)
    Veteran Member
    Posts:141


    Send Message:

    --
    6/7/2011 12:37 PM

    Posted By RickyY on 06/02/2011 04:46 PM
    Can JXploerer export data into a file that is readable?

    I was looking at JXplorer this morning and I don't see that it does.  Has anyone found a way to do that with JXplorer? 
    TBonney
    Private
    Private
    Veteran Member
    (640 points)
    Veteran Member
    Posts:276


    Send Message:

    --
    6/10/2011 4:40 PM
    Karen,

    Again, not withJExploreer, but with Softerra LDAP Browser 4.5 which is what I use, so I don't know if it can be done with JExplorer. However, I have in the past, exported the query result sets from the LDAP Browser as a csv and subsequently read that file using VBscript.
    RickyY
    Private
    Private
    Veteran Member
    (110 points)
    Veteran Member
    Posts:50


    Send Message:

    --
    1/5/2012 10:22 PM
    Hi John,

    How are you connecting to LDAP using crystal? Perhap, do you know how to connect to ADAM through SQL 2005 and put it into a table? Thanks.
    You are not authorized to post a reply.