PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 08/03/2010 2:08 PM by  beverly godwin
LSF9 - deactivate user accounts?
 25 Replies
Sort:
You are not authorized to post a reply.
Page 1 of 612345 > >>
Author Messages
Anya
Private
Private
New Member
(5 points)
New Member
Posts:3


Send Message:

--
11/12/2008 1:08 PM

    We are migrating to LSF9 and using ADAM ldap. I know there is no Lawson command yet to  mass delete user accounts from ADAM. But I was wondering if there is a simple way to de-activate the accounts? Thanks!

    Kwane McNeal
    Private
    Private
    Veteran Member
    (1299 points)
    Veteran Member
    Posts:433


    Send Message:

    --
    11/12/2008 1:15 PM
    Anya,
    There isn't an easy way to do this, as there is no longer an attribute that properly handles this, as the Inactive flag did in 8.0.3.

    With that said, you could do anyone of the following:
    1) Remove the SSOP identity on the user record
    2) Set them to a non-existent portalrole file
    *** They would get an error on login, if I recall correctly
    3) Set them to a severly restricted portalrole file (ie: noaccess.xml)
    *** They could still login, BUT would be able to get to anything
    4) Set them to a non-existent OS Identity/LAUA Security Class (they still could log in though)
    5) Disable them via custom setup for LDAPBind (tricky, but appropriate for some clients)

    ...Now as far as out-and-out deletes, Lawson has the ability to do them en-masse, but you would have to code up something in Java to access the internal APIs

    ...if you want more detailed advice, feel free to call me.
    Kwane
    954.547.7210

    Anya
    Private
    Private
    New Member
    (5 points)
    New Member
    Posts:3


    Send Message:

    --
    11/12/2008 2:00 PM
    Thanks, Kwane, that was quick! I like the 2nd option, we can do it through the .xml file. We do need to remove SSOP identities also, do you know of a way we could automate this?
    Also, if you could elaborate a bit on the 4th option? We are very new at this. :o)
    cdodrzywolski
    Basic Member
    (47 points)
    Basic Member
    Posts:21


    Send Message:

    --
    11/24/2008 2:05 PM
    Hey All,

    Did you arrive at a final solution. I like the idea of coding something in Java for the internal API's did you give that route a shot at all? I'll let you know if I have any luck.
    Roger French
    Private
    Private
    Veteran Member
    (1282 points)
    Veteran Member
    Posts:532


    Send Message:

    --
    11/25/2008 8:17 AM

    My 2 cents here:

    When you inactivate or remove user accounts, make sure any existing reports and jobs are transferred to someone else if necessary. For example, if you're deleting a finance user or payroll user and they run important reports then just make sure they get transferred to someone else. I've seen mistakes where the accounts get deleted along with all of their jobs and reports (especially if you're using deljobhist).

    Oh, and I've also seen where a customer has custom account removal programs that remove ANY files on the app server where the user owns a file(s)  ... can be very dangerous.

    -Roger

    You are not authorized to post a reply.
    Page 1 of 612345 > >>