How Are Passwords Managed in a Federated System?

Security administrators who run both Infor Lawson System Foundation and Landmark environments where the two environments are federated (that, is shared Single Sign-On) must bear in mind the following when updating passwords:

If you are not using ldapbind (that is, binding to user information in a corporate LDAP):

• When a security administrator changes a shared user's password through the Lawson Security Administrator, the password is updated in both Infor Lawson System Foundation and Landmark.

• When a shared user changes his or her password through the Lawson for Infor Ming.le or the useratts page, the password is updated in both Infor Lawson System Foundation and Landmark.

• If the Infor Lawson System Foundation ssoconfig utility is used to change a shared user's password, the password is updated only in Infor Lawson System Foundation and will no longer be synchronized with Landmark. Lawson does not recommend using ssoconfig for updating passwords.

• If the Landmark secadm utility is used to change a shared user's password, it will be updated only in Landmark and will no longer be synchronized with Infor Lawson System Foundation

If you are using ldapbind (that is, you are binding to user information in a corporoate LDAP):

• If you use ldapbind for passwords in Infor Lawson System Foundation, you should also use ldapbind for Landmark if the two environments are federated. In a federated scenario, authentication will be performed through the Landmark SSOPV2 service. The login scheme for this service should be the same as for Infor Lawson System Foundation (that is, it should be an LDAPBIND login scheme) or else Infor Lawson System Foundation user authentication will fail. In this scenario, passwords are managed in the corporate LDAP.

For detailed user setup information and procedures forInfor Lawson System Foundation, see the Lawson Administration: Resources and Security guide.