Posts

Selected Dist. List Does Not Match To User Group

You may come across an issue in LSA such as the following, “Selected Dist. List Does Not Match To User Group.” This issue occurs when you don’t have your user assigned to the proper group (and also trying to assign dist. list group via LSA vs ISS). Here is how to fix it:

 

  1. Confirm the user is assigned to the group in grpdef:
  2. Add the group you created with users in dstlstgrpdef
  3. Lawson Security Administrator (LSA) may have an issue adding this user in their environment info
  1. Login to Infor Security Service (ISS) and assign the distribution group their to the user.

That’s it!

Lawson Security: Data area has been suspended

Problem:

When I try to access or add a rule to a security class in the Lawson Security Administrator (LSA), I get the error message, “Data area has been suspended”. How do I resolve this issue?

 

Resolution:

This error usually occurs after running dbreorg without stopping your LSF WebSphere Application Server prior to the execution of dbreorg. This is a simple fix.

 

Basic steps to resolve this issue:

  1. First, we need to stop WebSphere
  2. Next, stop LSF
  3. From here, you must make sure that there are no java processes running. This is important so you won’t get the same error message again.
  4. After confirming, then you can re-start LSF
  5. Finally, start WebSphere again. You shouldn’t get the error message anymore.

Changing a Lawson system user password and checking if LDAP rebind is needed

When updating a Lawson system user, we need to make sure that the user is not LDAP bound and check if it needs a ldap rebind.

 

The first thing you need to do is login to Lawson Security Administrator then navigate over to Managed Privileged Identities.

 

From here, you need to select SSOP_BIND.

Next, select the DEFAULT key as shown below. Make note if the DN Attribute name is the same as the system user. If so, you will need to do a full LDAP rebind. If not, you’re okay to change the password.

And you’re all done. Good luck!

LSA Security User Search Error

Description:

When I try to access user information in LSA security administrator, I am not able to see any users.

The error edit shows:

Stack Trace : org.mozilla.javascript.EcmaError: ReferenceError: “MISSING” is not defined. (<RuleAttribute>#1)
at org.mozilla.javascript.ScriptRuntime.constructError(ScriptRuntime.java:3226)
at org.mozilla.javascript.ScriptRuntime.constructError(ScriptRuntime.java:3216)
at org.mozilla.javascript.ScriptRuntime.notFoundError(ScriptRuntime.java:3289)
at org.mozilla.javascript.ScriptRuntime.nameOrFunction(ScriptRuntime.java:1633)
at org.mozilla.javascript.ScriptRuntime.name(ScriptRuntime.java:1572)
at org.mozilla.javascript.gen.c221._c0(<RuleAttribute>:1)
at org.mozilla.javascript.gen.c221.call(<RuleAttribute>)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:337)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2755)
at org.mozilla.javascript.gen.c221.call(<RuleAttribute>)
at org.mozilla.javascript.gen.c221.exec(<RuleAttribute>)
at com.lawson.lawsec.author.mgr.Rule.exec(Rule.java:168)

Resolution:

This message tells us that for some reason the security server (LASE process that runs) lost its connection to the ldap instance where the rules are stored for Lawson Security.

To work toward resolving the issue, you can follow KB Article ID: 1580306 – “Lawson Security: How to run a User Security Report when requested by Support”, for the application profile in question. Within that report, look for the word MISSING on the right hand side of the report where the ruleText is listed.
Most of the time, when this error is presented, you can use the Lawson Security Administrator (LSA) tool to fix the issue without doing a full restart of the Lawson related services.

If you do see the word MISSING, do the following from within the LSA tool:

  1. Click on “Server Management”
  2. Click on “Clear Cache”
  3. Go open a brand new IE browser session.. do not use a new TAB in an existing browser, it has to be a “new IE session”
  4. Log into Infor Lawson for Portal for Ming.leas someone that is a “Portal Administrator” that can run the “Clear IOS Cache” option.
  5. Ask one of the users to open a new IE session, not a new TAB within an existing browser, then try their same action that they were having an issue with.

ADDITIONAL INFORMATION:  In regard to the difference between the function of the “caching interval” setting and using/clicking the “Clear Cache” option under Server management. When you make security changes to users, you should not need to hit clear cache after making a change.  When the caching interval time is hit, the change will be placed into the security cache for use. The difference here is that when you hit the “Clear Cache” option, it drops the full security cache and re-reads the entire cache instead of reflecting just the changes. So, in order to clear up the issue where the security process could not find the rule Id tied to the securable objects, you needed to click on “Clear Cache”.

In some severe instances we may need to have the some of the rules deleted and rewritten but that is not a common occurrence and there are other steps we’d need to do prior to having you delete and rewrite rules so please open a new support incident if the steps above do not fix the issue.

 

Unable to Save Changes in LSA Federated System

When making a change via the Lawson Security Administrator (LSA) tool like adding or removing a role for example, saving the changes make get an error saying it cannot make the change.

 

“Unable to change object(RMidValue), change failed. Original Exception: null”

 

How can I resolve this?

 

Steps To Reproduce:

 

Duplicate this in a “Federated” setup, Lawson System Foundation (LSF) is federated with Landmark

 

You would need to have a lock situation with the write.lock file for the Infor Security Services (ISS) Search index (Lucene Index), example message from the LAWDIR/system/security_search.log:

 

org.apache.lucene.store.LockObtainFailedException: Lock obtain timed out: NativeFSLock@/lsfprod1/law/system/search/index/resource/DEFAULT/index_2/write.lock

 

 

 

at org.apache.lucene.store.Lock.obtain(Lock.java:84)

 

at org.apache.lucene.index.IndexWriter.init(IndexWriter.java:1060)

 

at org.apache.lucene.index.IndexWriter.<init>(IndexWriter.java:882)

 

at com.lawson.lawsec.search.lucene.LuceneIndexManager.<init>(LuceneIndexManager.java:45)

 

at com.lawson.lawsec.search.lucene.IndexWriterRegistry.initForTenant(IndexWriterRegistry.java:131)

 

at com.lawson.lawsec.search.lucene.IndexWriterRegistry.lookup(IndexWriterRegistry.java:196)

 

at com.lawson.lawsec.search.lucene.LuceneIndexServiceFactory.createLucenenServiceForRM(LuceneIndexServiceFactory.java:69)

 

at com.lawson.lawsec.search.lucene.LuceneIndexServiceFactory.createIndexServiceForRM(LuceneIndexServiceFactory.java:34)

 

at com.lawson.lawrm.search.RMIndexManager.updateIndex(RMIndexManager.java:244)

 

at com.lawson.lawsec.server.events.ServerRMDataAccessEvent.processRMResource(ServerRMDataAccessEvent.java:699)

 

at com.lawson.lawsec.server.events.ServerRMDataAccessEvent.processRMDataEvent(ServerRMDataAccessEvent.java:173)

 

at com.lawson.lawsec.server.events.ServerRMDataAccessEvent.process(ServerRMDataAccessEvent.java:92)

 

at com.lawson.lawsec.server.SecurityEventHandler.processEvent(SecurityEventHandler.java:634)

 

at com.lawson.lawsec.server.SecurityEventHandler.run(SecurityEventHandler.java:377)

 

 

 

Log into the LSA tool

 

Go to User Management

 

Go to User Maintenance

 

Search for a user

 

Right click on the user’s record and choose “Edit RM Information”

 

double click the Role field to show the roles available and assigned

 

add or remove a role from the list and hit finish.

 

Go to the Edit menu and choose “Change”

 

You should receive the error in the status bar of the LSA tool

 

“Unable to change object(RMidValue), change failed. Original Exception: null”

 

Work Around:

 

Try rebuilding the ISS Search Index, this is not guaranteed to work;

 

ssoconfig -c

 

enter your password for ssoconfig

 

option 20 –  Manage Search Index

 

option 2   –  Build Monitoring Full Index

 

When this finishes, then next;

 

option 1   –  Build Resources Full Index

 

This step may take a while, you can monitor the status of the rebuild in the LAWDIR/system/security_search.log file. When this finishes then;

 

option 4   –  Refresh Server Index

How to Resolve “An error has occurred in the script on this page” for expression builder in Lawson Security Administrator

Here is a simple was to Resolve the notification: “An error has occurred in the script on this page” for expression builder in Lawson Security Administrator (LSA).

In LSA when trying to build a custom rule for a program you may get this error:

Trying to get passed it, it comes up again and doesn’t allow the user build rules for a file or token:

The resolution is pretty simple, go to your C:\Windows\SysWOW64 directory and run the following command:

regsvr32 msxml14.dll

You should get a pop-up confirming this. Login to LSA again and you should be good to go!