UNBind from LDAP

Tomwise
Advanced Member
Posts: 32
    Our company has been bought and sold numerous times over the years.  Up until now we were able to keep our own domain and user accounts.  The new owners want us to be in their domain and to use their user IDs.  We want to maintain our user IDs and not have to remake 1300+ accounts every time we are sold.  Our production Lawson was bound in 9.0.0.x and we are currently on 9.0.1.8, so I don't want to use the old unbind.xml file and was trying to find out if anybody knows how to unbind from AD and just use the local LDAP that Lawson uses.

    I've exported the ssop service and changed:

    Use ldap binds

    To

    Verify passwords in Lawson Security

    Did a stoplase/startlase.

    It didn't work.

    Any help would be appreciated.

    Thank You,
    Tom
    John Henley
    Posts: 3353
      When you do the (first) bind away from Lawson's LDAP, the passwords associated with the SSOP service are removed from the Lawson LDAP.
      I think the best you can do is import the old ssoconfig export file, if you still have it, and then add passwords for users that have been added since the original bind.

      Thanks for using the LawsonGuru.com forums!
      John
      Tomwise
      Advanced Member
      Posts: 32
        Hi John,

        I got our test environment unbound from Active Directory. I didn't have the SSO*.xml file that was generated when I did the original bind. I had an unbind file on another environment and used that as a guide. I did a dump of the ldap with ssoconfig and removed the entries for binding from the file and changed the SSOP entry to this:

        Note: (Replace the ... with either a < or > symbol)

        ...PROTOASSERT...Use HTTP only.../PROTOASSERT...
        ...HTTPURL...http://lawson.lancaster.l...ervlet.../HTTPURL...
        ...HTTPSURL...https://lawson.lancaster....rvlet.../HTTPSURL...
        ...PRIMARYTARGETLOOKUP...Verify passwords in Lawson Security.../PRIMARYTARGETLOOKUP...
        ...USERNAMEFIELD..._ssoUser.../USERNAMEFIELD...
        ...PASSWDFIELD..._ssoPass.../PASSWDFIELD...
        ...SERVICEURL...http://lawson.lancaster.l...tml.../SERVICEURL...
        ...LOGIN_SUBMIT_METHOD...POST.../LOGIN_SUBMIT_METHOD...
        .../LOGINSCHEME...
                ...CredentialAttrList...PASSWORD.../CredentialAttrList...
                ...UserAttrList...PASSWORD.../UserAttrList...
            .../SERVICE...
            ...IDENTITY SERVICENAME="SSOP"...
                ...RDID...lawson.../RDID...
                ...PASSWORD......![CDATA[LfVTUBYj0LddUlV5QxrsAg==]]....../PASSWORD...
                ...USER......![CDATA[lawson]]....../USER...
            .../IDENTITY...
        I removed all the SSOP accounts from the file except for the lawson user account which I copied from another environment.

        Lawson security kept giving me a "lawson sso server connection failure" when I tried to start the security tool, so I went to LID and used the ssosmoketest to test the login. It said that I had corrupt blocks with the account. So I went back into ssoconfig and dropped the lawson SSOP entry and remade it. I was able to get into security, give myself a password and log in to portal.

        I'll write a small 'C' program to populate the user accounts with a default password that only they will know.

        Thanks,
        Tom

        abaccam
        New Member
        Posts: 1
          Greetings, I would like to request some assistance on this issue as I have the same problem. I have inherited support of Lawson LID 32-bit 9.0.1.7 and have zero experience with this product. We are retiring the Active Directory domain that this Lawson was installed originally. We have cloned the original 2 servers and they are now in a workgroup. I can log in to the Lawson application from the new servers. I now need to take SSO and LDAP out of the picture and use the local LDAP on the Lawson server.
          Any assistance would be greatly appreciated.

          Sincerely,
          AB
          Orlando Gray
          Advanced Member
          Posts: 34

            Hi Abacam.

            Did you ever get assistance with removing SSO and LDAP from your environment?

            I need to do the same for an old legacy system here at my company. 

            If so, I would love to know the steps that you took.