How to Mass Delete Lawson users using Loadusers

, ,

If you ever come across an instance where you need to clean up your system from old or faulty data, you can use the loadusers utility to mass-delete users, roles, or groups. The loadusers utility accepts input from an XML file that you create. You can simply populate any attributes that you want to delete.

The following is an example of an XML file from the Infor LSF Documentation guide that has been used to delete users, roles, and groups. The roles and groups in this file would only be deleted if they were not assigned to any other users than the ones being deleted.

Sample XML file

<?xml version=”1.0″ encloding=”ISO-8859-1″?<XML><ROLEDATA>    <ROLE ID=”Test1″>   <ROLE ID=”Test1″></ROLEDATA><GROUPDATA>    <GROUP ID=”Test1″>   <GROUP ID=”Test1″></GROUPDATA><USERDATA ProductLine-“APPS900″ SSOPPASSWORD=”temp”>    <USER ID=”cssttst100″/>   <USER ID=”cssttst101″/>   <USER ID=”cssttst102″/>   <USER ID=”cssttst103 RMID103″/></USERDATA><IDENTITIES></IDENTITIES></XML>

Command syntax for loadusers when used to delete users

From the command line, type

loadusers -f filename -u

where

filename = the XML file that contains the user data to be deleted

How to add or edit Smart Notification related Info to an existing Smart Note in LBI

, ,

First lets login into LBI and open smart notifications:

Once open, go to Notifications Tab:

Select edit on the notification you want to modify:

Go to the Related Info >> Links >> Enter a Name and Web Address >> Add >> Save Updates:

To edit an existing related info link, simply select edit under “My Custom Urls”:

Make sure you Save Updates!

These related Info Links show up at the bottom of the report the user receives as shown below:

This type of work is typically done by a Lawson technical resource. Organizations often hire a Lawson consultant team who offer managed services at a fixed monthly rate. These Lawson teams have a wider range of expertise and knowledge and are ideal for larger organizations but also are great for smaller ones that don’t need a dedicated Lawson employee on-site. Nogalis does offer this as a service so feel free to reach out to us via our contact page.

Unable to Save Changes in LSA Federated System

, ,

When making a change via the Lawson Security Administrator (LSA) tool like adding or removing a role for example, saving the changes make get an error saying it cannot make the change.

 

“Unable to change object(RMidValue), change failed. Original Exception: null”

 

How can I resolve this?

 

Steps To Reproduce:

 

Duplicate this in a “Federated” setup, Lawson System Foundation (LSF) is federated with Landmark

 

You would need to have a lock situation with the write.lock file for the Infor Security Services (ISS) Search index (Lucene Index), example message from the LAWDIR/system/security_search.log:

 

org.apache.lucene.store.LockObtainFailedException: Lock obtain timed out: NativeFSLock@/lsfprod1/law/system/search/index/resource/DEFAULT/index_2/write.lock

 

 

 

at org.apache.lucene.store.Lock.obtain(Lock.java:84)

 

at org.apache.lucene.index.IndexWriter.init(IndexWriter.java:1060)

 

at org.apache.lucene.index.IndexWriter.<init>(IndexWriter.java:882)

 

at com.lawson.lawsec.search.lucene.LuceneIndexManager.<init>(LuceneIndexManager.java:45)

 

at com.lawson.lawsec.search.lucene.IndexWriterRegistry.initForTenant(IndexWriterRegistry.java:131)

 

at com.lawson.lawsec.search.lucene.IndexWriterRegistry.lookup(IndexWriterRegistry.java:196)

 

at com.lawson.lawsec.search.lucene.LuceneIndexServiceFactory.createLucenenServiceForRM(LuceneIndexServiceFactory.java:69)

 

at com.lawson.lawsec.search.lucene.LuceneIndexServiceFactory.createIndexServiceForRM(LuceneIndexServiceFactory.java:34)

 

at com.lawson.lawrm.search.RMIndexManager.updateIndex(RMIndexManager.java:244)

 

at com.lawson.lawsec.server.events.ServerRMDataAccessEvent.processRMResource(ServerRMDataAccessEvent.java:699)

 

at com.lawson.lawsec.server.events.ServerRMDataAccessEvent.processRMDataEvent(ServerRMDataAccessEvent.java:173)

 

at com.lawson.lawsec.server.events.ServerRMDataAccessEvent.process(ServerRMDataAccessEvent.java:92)

 

at com.lawson.lawsec.server.SecurityEventHandler.processEvent(SecurityEventHandler.java:634)

 

at com.lawson.lawsec.server.SecurityEventHandler.run(SecurityEventHandler.java:377)

 

 

 

Log into the LSA tool

 

Go to User Management

 

Go to User Maintenance

 

Search for a user

 

Right click on the user’s record and choose “Edit RM Information”

 

double click the Role field to show the roles available and assigned

 

add or remove a role from the list and hit finish.

 

Go to the Edit menu and choose “Change”

 

You should receive the error in the status bar of the LSA tool

 

“Unable to change object(RMidValue), change failed. Original Exception: null”

 

Work Around:

 

Try rebuilding the ISS Search Index, this is not guaranteed to work;

 

ssoconfig -c

 

enter your password for ssoconfig

 

option 20 –  Manage Search Index

 

option 2   –  Build Monitoring Full Index

 

When this finishes, then next;

 

option 1   –  Build Resources Full Index

 

This step may take a while, you can monitor the status of the rebuild in the LAWDIR/system/security_search.log file. When this finishes then;

 

option 4   –  Refresh Server Index

How to create a Lawson Business Intelligence (LBI) Report Schedule

, ,

You may have a report in LBI that you want to create historical instances of as well as refresh data from time to time. Today we are going to go over how to do this in Reporting Services Admin.

 

  1. Login into LBI as an admin user and go to Reporting Services Administration
  2. Go to Maintain Reports and open the report via the [Details] link next to the report name.
  3. In the report under Scheduling, select New Schedule
  4. Under Run Date and Time fill in the:
    1. Name (schedule name)
    2. Instance Name (name of generated report), you must manually re-schedule if you want to include specific unique information in the name like date.
    3. Description
  5. Under Time and Frequency:
    1. Set the Scheduled Run Time (time of day)
    2. Time and Frequency
      1. Schedule for days in a Week – This will run for every day in the week you select regardless of date.
      2. Schedule for days in a Month – This will run the day you select in a month. Please note that there are specific check boxes for First and Last day in the month. If a month does not have a day like the 30th or 31st, it will skip that month.
    3. Effective Date Period
      1. Effective start date: This date must be set after current date and time.
      2. Expiration date: The report will no longer run this schedule after this date and time.
  6. The remaining Schedule Options should typically mirror the report options. Any customizations will not change the base report.

This type of work is typically done by a Lawson technical and or functional resource depending on the type of reports and their complexity. Organizations often hire a Lawson consultant team who offer managed services at a fixed monthly rate. These Lawson teams have a wider range of expertise and knowledge and are ideal for larger organizations but also are great for smaller ones that don’t need a dedicated Lawson employee on-site. Nogalis does offer this as a service so feel free to reach out to us via our contact page.

How to Verify a user is set as a Ming.le user

, ,

To verify a user is set as a Ming.le user, we will use the IsMingleUser column as an example to complete the steps below:

  1. Login and access the GEN data area
  2. Navigate to the Actor List
  3. Click Options (In the Web UI you will need to click the ellipsis first)
  4. Select Personalize
    1. If this is the first personalization you will need to click create
    2. If you are updating an existing personalization you will need to click update
  5. Click the + button > Add field
  6. Click the Search button
  7. Type ‘ism’ in the search field and hit enter
  8. Select IsMingleUser from the list
  9. Click OK
    1. If you wish to change the default label for the column, update the label box
  10. Check the box next to Updateable
    1. Depending on your LMK version, you may need to add the field and then edit it to check the box next to “Allow data to be updated in the list”
  11. Click OK

You are then returned to the actor list which will update and the IsMingleUser column will be added to the Actor List screen.

 

Note:

Other columns that you may want to add to assist with user provisioning include:

 

IsActorDisabled – make updateable

IsAckBodReq – make updateable

MingleId – make updateable

IsActorIFSDisabled

AccountLockout.IsAccountDisabled

 

Beginning with versions 2022.03.00..632 (MT) and 11.0.51.0.6489 (ST/OP) the following fields have been added as updateable to the default Actor List:

 

IsMingleUser

IsActorDisabled

IsActorIFSDisabled

IsAckBodReq

MingleId

How to find a Lawson user ID from an HR11 Employee ID

, ,

Some Lawson Security systems are setup with a form of the user ID being a combination of the last name with middle initials / first name initials.

Something like DoeJ for John Doe. Often users get their names updated due to a marriage or divorce and their user ID never gets updated along with their last name.

  1. To find the user by employee number, we need to first go to HR11 and find the user by their new last name to uncover their Employee ID.
  2. For this example, let’s say we search John Doe and it returns an employee ID of 264
  3. Now open Lawson Security Administrator and go to User Management >> Manage Identities
  4. Once in Manage Identities under “Services”, select the employee identity service, ours is named TEST10_EMPLOYEE:
  5. Select employee = <employee ID> and click Add Criteria
  6. Once the criteria is added, Execute Query
  7. You’ll be put to the results tab and if that user exists in Lawson security, it will show as so:

This type of work is typically done by a Lawson technical resource with a Security Administrator background. Organizations often hire a Lawson consultant team who offer managed services at a fixed monthly rate. These Lawson teams have a wider range of expertise and knowledge and are ideal for larger organizations but also are great for smaller ones that don’t need a dedicated Lawson employee on-site. Nogalis does offer this as a service so feel free to reach out to us via our contact page.

How to Convert a Non Ming.le user to a Ming.le user

, ,

One-time setup prerequisite
Before making any changes to users, if you do not already see the fields listed below in your Actor List in Landmark (LMK), please review KB 2017273 How to personalize the Actor List in Landmark and add the following fields and make them updateable:
IsMingleUser
IsActorDisabled
MingleID

The above attributes are included in the default view of the Actor List beginning with 2022.03 and 11.0.51

User Conversion Process

Lawson System Foundation (LSF) – skip this part of the process if your system does not include LSF
1. Login to Lawson Security Administrator (LSA)
2. Search for the user to be converted
3. In the search results, right click on the user and select edit RM information
4. Ensure the isDisabled field is set to No
a. If it is set to Yes, change it to No and save the change
5. Repeat steps 2-4 for each user that needs to be converted

Landmark
1. Login to Landmark
2. Navigate to the GEN data area – if you have a bookmark use that, if not use the steps below
a. Switch to the Administration Console role
b. Click Other
c. Click Application and System Links
d. In the new tab that opens, click User Management under Security Administration in the lower left corner of the screen
3. Click Actor in the left side menu
4. Search the Actor List for the user to be converted
5. Open the user from the Actor List
6. Ensure the actor has a valid unique email address on the contact tab
7. Save any changes made
8. Return to the Actor List – use the browser back button
9. Ensure the following about the user:
a. Actor Disabled is set to No
b. Mingle User is set to Yes
c. Ming.le ID is completed
-Update any information above that is not correct
-Ensure that the Ming.le ID is populated before setting Mingle User to yes
10. Save any changes made using the save button at the top of the list or under the actions menu

The user is now set up as a Ming.le user and has all required fields for updates to be sent between Landmark and Ming.le.
You can verify this by checking the following:
1. The user(s) exist in Ming.le User Management
2. The IFS ION Person ID in Ming.le matches the SSOP or SSOPv2 identity value in Landmark
3. The IFS ION Person ID in Ming.le matches the SSOP identity value in LSA
a. Updates to LSF are processed every 30 minutes on the hour and half hour when the IONREAD job runs. If you want to see the change before the job runs login to LID and run the readinbox command