Posts

Nogalis Webinar: Copying Landmark Productline (October 26th, 9 AM PST)

Copying productlines in S3 is a breeze, but Landmark is a different story. There are several possible scenarios and a lot of things to consider. Join us for this one hour webinar and gain access to a free tool that will help with the process.

A few things to keep in mind:

  1. Our webinars always fill up and we only have the capacity to host 200 attendees so sign up now!
  2. The time of the webinar is 9:00am PST. So please mind your time zone.
  3. Once you sign up, you can’t share the webinar link, as each link allows for one unique session. So if you have colleagues who are interested in attending, please have them sign up separately or else their session will kick you out.

We use AnyMeeting for our webinars. The application sometimes asks you to install a plugin. To be ready on time, please give yourself an additional 10 minutes before the webinar begins.

When: Thursday, October 26, 2017, 9:00 AM to 10:00 AM PST

This webinar is free to attend. Register Now

Landmark Authentication Fails

After completing federation and restarting LSF and Landmark, Landmark authentication fails. The security authen log returns the following error: sun.security.validator.ValidatorException: PKIX path building failed.

This can happen if a secured LDAP bind is being used. With the secured LDAP bind (using the ldaps protocol and port 636), the certificates from the AD server are missing from the Java keystore on the Landmark server, so the JVM cannot build a trusted certificate path to the AD server during the TLS handshake. This can happen even if you are using SSOP on LSF for authentication. To resolve the issue, export the certificates from the AD server and import them into the Java keystore. If LSF was bound to AD, the certificates should already be on the LSF box. They can be copied over from LSF and imported into the keystore on the Landmark server, as in the following example.

 

D:\JDK\bin\keytool.exe -keystore D:\JDK\jre\lib\security\cacerts -importcert -alias ADca -file D:\cacert.cer

D:\JDK\bin\keytool.exe -keystore D:\JDK\jre\lib\security\cacerts -importcert -alias ADroot -file D:\root.cer
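To confirm the import took effect without restarting Landmark for every attempt, the following added example (not part of the original post and not Infor code) performs the same TLS handshake against the LDAPS port with the JVM's default trust store and prints the certificate chain the AD server presents. The class name LdapsTrustCheck is hypothetical; the host and port are passed on the command line.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example (hypothetical class name). Run it with the same JDK that Landmark uses, e.g.
//   D:\JDK\bin\java LdapsTrustCheck ldap.domain.com 636
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) { System.err.println("usage: LdapsTrustCheck <host> [port]"); return; }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        // A null KeyStore loads the JVM default trust store (normally jre\lib\security\cacerts).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvmDefault = (X509TrustManager) tmf.getTrustManagers()[0];
        final X509Certificate[][] seen = new X509Certificate[1][];

        // Records the chain the server presents, then applies the normal PKIX validation unchanged.
        X509TrustManager recording = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                seen[0] = chain;
                jvmDefault.checkServerTrusted(chain, authType);
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                jvmDefault.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmDefault.getAcceptedIssuers(); }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        String verdict = "TRUSTED: the chain validates against the default trust store";
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake(); // chain trust only; this check does not verify the host name
        } catch (SSLHandshakeException e) {
            verdict = "NOT TRUSTED: " + e.getMessage();
        }
        System.out.println(verdict);
        if (seen[0] == null) return;
        for (X509Certificate c : seen[0]) {
            StringBuilder fp = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded())) fp.append(String.format("%02X", b));
            System.out.println("subject=" + c.getSubjectX500Principal() + " issuer=" + c.getIssuerX500Principal() + " sha256=" + fp);
        }
    }
}
```

When the verdict is NOT TRUSTED, the issuer of the last certificate printed normally names the CA whose certificate is missing from the keystore. Running keytool -printcert -file D:\cacert.cer shows the owner, issuer and fingerprints of a certificate file, so you can check it is the expected CA before importing it.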

 

 

Error:

 

Wed May 31 09:49:13.112 MDT 2017 – default-724934462: Error encountered while getting users DN. Please see logs for details[egn1ldmam2ike26udaqvs9rs2g]Could Not Bind With privileged identity. User [lawson]simple bind failed:ldap.domain.com:636

Stack Trace :

javax.naming.CommunicationException: simple bind failed: ldap.domain.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)

at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)

at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

at javax.naming.InitialContext.init(InitialContext.java:244)

at javax.naming.InitialContext.<init>(InitialContext.java:216)

at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)

at com.lawson.security.authen.LawsonLDAPBindLoginProcedure.getDNForUser(LawsonLDAPBindLoginProcedure.java:446)

at com.lawson.security.authen.LawsonLDAPBindLoginProcedure._authenticate(LawsonLDAPBindLoginProcedure.java:233)

at com.lawson.security.authen.LawsonLDAPBindLoginProcedure.authenticate(LawsonLDAPBindLoginProcedure.java:681)

at com.lawson.security.authen.LawsonLoginSchemeImpl.authenticate(LawsonLoginSchemeImpl.java:1701)

at com.lawson.security.authen.LawsonProgrammaticAuthenticatorImpl.authenticate(LawsonProgrammaticAuthenticatorImpl.java:198)

at com.lawson.security.authen.LawsonProgrammaticAuthenticatorImpl.authenticate(LawsonProgrammaticAuthenticatorImpl.java:100)

at com.lawson.rdtech.gridadapter.provider.LmrkSessionProvider.createGridPrincipal(LmrkSessionProvider.java:287)

at com.lawson.rdtech.gridadapter.provider.LmrkSessionProvider.validatePassword(LmrkSessionProvider.java:254)

at com.lawson.rdtech.gridadapter.provider.AbstractSessionProviderBase.logon(AbstractSessionProviderBase.java:134)

at com.lawson.rdtech.gridadapter.provider.LmrkSessionProvider.logon(LmrkSessionProvider.java:159)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at com.lawson.grid.proxy.ProxyServerImpl$ProxyRequestThread.invoke(ProxyServerImpl.java:2715)

at com.lawson.grid.proxy.ProxyServerImpl$ProxyRequestThread.processRequest(ProxyServerImpl.java:2502)

at com.lawson.grid.proxy.ProxyServerImpl$ProxyRequestThread.runThread(ProxyServerImpl.java:2425)

at com.lawson.grid.util.thread.PooledThread.run(PooledThread.java:137)

at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)

at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)

at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)

at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)

at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)

… 30 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

at sun.security.validator.Validator.validate(Validator.java:260)

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)

… 43 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

… 49 more

 

Wed May 31 09:49:13.113 MDT 2017 – default-724934462: Error encountered while getting users DN. Please see logs for details[egn1ldmam2ike26udaqvs9rs2g]Could Not Bind With privileged identity.

Wed May 31 09:49:13.113 MDT 2017 – default-724934462: Failed to get DN for user: lawson

Configuring the Landmark Main Configuration Set

This article will demonstrate how to set up the most commonly-used Infor Lawson configurations in Landmark.

Infor delivers two configuration sets with Landmark: “main” and “system”.  “Main” refers to the LSF environment, and “system” refers to the Landmark environment.  It is best practice to use these configuration sets for the processes that access these systems.

Here are the most commonly used configurations for Lawson:

Infor Lawson

Used for web calls (DME/AGS) to Lawson, as well as Resource queries (Lawson Security)

  • Infor recommends using Connection Type “Web”
  • Retry Count – number of times IPA will retry the connection after a failed attempt
  • Pause Time – Amount of time in milliseconds between each attempt to reconnect when web call fails
  • User – the web user who has access to DME/AGS calls and/or Lawson Security
  • Password – the web user’s password
  • Data Area – the name of the data area being accessed in the LSF environment
  • Web Root – http://servername.company.com
  • Time Out – Number of seconds of attempting to connect after which a timeout occurs
  • Page Size – The number of records returned in a DME query (blank means no limit)

File Access

Used for file reads and manipulation on the LSF server

  • Click “Remote” if LSF resides on a different server from Landmark
  • LSF Web RMI Root – Same as Web Root in the Infor Lawson connection (http://server.company.com)
  • Web user – the user who has directory access on the Lawson server
  • Web password – the above user’s password
  • RMI timeout – Number of milliseconds of attempting to connect after which a timeout occurs
  • GENDIR – GENDIR environment variable value on the LSF server
  • LAWDIR – LAWDIR environment variable value on the LSF server

 

JDBC

Used for SQL Queries and transactions

  • JDBC Driver – the driver name used for JDBC
  • Database URL – build the URL for your db
    • Example: jdbc:sqlserver://servername\instancename:port;databasename=databasename
    • Instance Name is optional
    • Port is optional (default is 1433)

 

Web

Used for the Web Run process node (can be used to update and run batch jobs, etc.)

  • Data Area – the data area to which you are connecting on LSF
  • Web Root – http://servername.company.com
  • User – the user who has access to web run calls
  • Password – the above user’s password
  • Time Out – Number of seconds of attempting to connect after which a timeout occurs
  • Amount of time in milliseconds between each attempt to reconnect when web call fails

 

Sys Cmd

Used to run command line system commands, including Lawson commands such as importdb

  • Check “Remote” if LSF resides on a separate server from Landmark
  • LSF Web/RMI Root – http://server.company.com
  • Web User – the user who has access to the LSF system
  • Web password – Web User’s password
  • RMI timeout – Number of milliseconds of attempting to connect after which a timeout occurs
  • GENDIR – GENDIR on LSF system
  • LAWDIR – LAWDIR on LSF system
  • Run as user – the user credentials under which the command should run
    • NOTE: Windows no longer allows cmd to be run as a different user, so command line will always be run under the user running the bpm service. This is most likely the system user, and as a result, that user will have to be added to Lawson security and given access to run Lawson commands (if that is how this node is used)
  • Run as user password – above user’s password (see note above)
  • Command timeout – Number of milliseconds of attempting to connect after which a timeout occurs