Prev
Next
Forums S3 Security

Mass Updating/Changing SSOP passwords

Sort:
You are not authorized to post a reply.
Author
Messages
shashank
Basic Member
Posts: 7
Basic Member
8/25/2008 5:40 PM

    Hi,

    I need to mass update SSOP passwords for all users.

    Does anyone know if this is doable, and how?

    thanks.

     

    John Henley
    Senior Member
    Posts: 3348
    Senior Member
    8/25/2008 8:17 PM
      I haven't tried it, but I think you can do that with loadusers by specifying the SSOPPASSWORD element in the USERDATA node in the XML file. You can also do it with an XML file loaded via ssoconfig.
      Thanks for using the LawsonGuru.com forums!
      John
      shashank
      Basic Member
      Posts: 7
      Basic Member
      9/3/2008 11:10 PM
        Hi John,
        Thanks for the suggestion.
        I tried a POC with an xml file and a handful of users and it worked.
        1. ssoconfig -c
        2. Type in your security password
        3. Choose 5
        4. Choose 5 again and point to the xml file
        5. Proceed...

        ssoconfig can also generate a sample input file to be used.

        Next step for me now is to write a program that will generate this xml file and then run ssoconfig.

        Thanks for your help.
        Phillip Feller
        Basic Member
        Posts: 12
        Basic Member
        10/1/2008 1:39 PM
          I have done this using loadusers. The one limitation to using this utility is that you are restricted to either: 1) assigning all users in the XML file the same password, or 2) defaulting all users in the XML file a passwords that are the same as their user names. The way around this is to create and load a separate XML file for each user. Although this sounds tedious, it's not all that difficult to write a script that creates the XML file and loads it.

          I used Python for the script that I wrote, but you ought to be able to use any language. I chose Python because it was already required on the system, and the XML module is included in the core language. Creating the XML file is a snap:
          from xml.dom.minidom import Document
          outputFile = open(outputFileName,"w")
          doc = Document()
          xml = doc.createElement("XML")
          doc.appendChild(xml)
          userdata = doc.createElement("USERDATA")
          userdata.setAttribute("ProductLine", "PROD")
          userdata.setAttribute("SSOPPASSWORD", password)
          xml.appendChild(userdata)
          user = doc.createElement("USER")
          user.setAttribute("ID", id)
          user.setAttribute("RMID", id)
          user.setAttribute("Name", firstName + " " + lastName)
          user.setAttribute("FirstName", firstName)
          user.setAttribute("LastName", lastName)
          user.setAttribute("CheckLS", "no")
          user.setAttribute("Group", ESS_GROUP)
          user.setAttribute("PortalRole", ESS_ROLE)
          userdata.appendChild(user)
          outputFile.write( doc.toprettyxml(indent="    ") )
          outputFile.close()

          My script was for creating new ESS users, so I also added IDENTITIES and IDENTITY elements to the XML files that I loaded.

          It is alsopossible to do this with HTTP requests to the LsGate servlet (this is how LSA communicates with lase), but that is not necessary for what you want to do.
          Dave Amen
          Veteran Member
          Posts: 75
          Veteran Member
          10/1/2008 9:26 PM
            Sample XML file to use with SSOCONFIG

            To give credit where due, Andrew Provines from Ciber gave me the idea for doing this, and I worked to find the minimum data required to change passwords en masse. SSOCONFIG seems to be the easiest tool to use for this.

            This will change marka2's Portal password to pwd123: 

            (see first attachment)

            Or, you can combine those into a single line, making it easier to use in a spreadshseet, so you can change thousands of passwords to individual values. This does it for 3 users (the display probably wraps, but it's a single line for each user):

            (see second attachment)


            The description below expands a bit on what shashank wrote above, which is how to use this XML file:

            STEPS To update passwords in the Lawson LDAP:

            1. From the ssoconfig main menu (ssoconfig -c), type “5” to select “Manage Lawson Services.”

            2. At the next menu, type “5” to select “Load service and identity file.”

            3. At the prompt “Enter identity file name” prompt, type the file path and name of the XML file.
            For example, c:/mypath/my_xml_file.xml

            4. At the prompt “Override existing identities?” select ”1” for Yes.

            5. You will be prompted to choose the format for credential information.
            Select “3” for Plain Text.

            I was able to load between 5 and 10 passwords per second this way. It takes a few minutes to load thousands, but is far more secure than giving everyone the same password!
            Attachments
            John Henley
            Senior Member
            Posts: 3348
            Senior Member
            10/2/2008 2:57 PM
              I am moving this to the security forum. Also, be on the lookout for an upcoming LawsonGuru Letter article on generating a "password reset" XML file using ProcessFlow Integrator and the ResourceQuery node.
              Thanks for using the LawsonGuru.com forums!
              John
              Peter Barnes
              New Member
              Posts: 2
              New Member
              10/3/2008 10:36 AM
                Along similar lines to this request - does anyone know of a way to automatically require each User to change their password on a timely basis (say 90 days)?
                John Henley
                Senior Member
                Posts: 3348
                Senior Member
                10/3/2008 2:09 PM
                  You can't do that within LSF9; you would need to 'bind' to an LDAP that supports it, like Active Directory.
                  Thanks for using the LawsonGuru.com forums!
                  John
                  You are not authorized to post a reply.