lsconfig - Lawson Security Configuration
lsconfig -uartl [-c password ON|OFF]
[instanceName]
Use this utility to review and modify parameters for the Lawson Security system. You can also use the Lawson Security Administrator to review the parameters and to modify many of them.
You must be root to use this utility.
Program Option | Description |
-a
|
Add or modify security parameters. |
-l
|
List security parameters for viewing. |
-r
|
Assign a user to a role. |
-t
|
Activate tracing for a specific user. Only turn tracing
on for a use if instructed to do so by Lawson. Generally, you can
gain enough information for troubleshooting through other means, such
as the auditing and logging set up through the Lawson Security Administrator.
If you use the If you turn on tracing, the information is stored in $LAWDIR/system/Sec_username_Nbr_Nbr.log. |
-c password ON|OFF
|
Turn security off or off. You must specify the Single
Sign-On Configuration utility (ssoconfig) password to use the -c option.
|
instanceName
|
The data source that the specified security changes will be applied to. |
-u
|
View usage and syntax for the utility. |
Property | Description |
---|---|
AUDIT | Set to ON or OFF to turn auditing on or off. If auditing is on, it will track the items listed for the AUDIT_TYPES parameter. |
AUDIT_DATASRC | The location where audit data is stored. If you select DB, the data is stored in the LSAUDIT file in the LOGAN data area. If you select LDAP, the data is stored in the LDAP repository. The default is DB. Be aware that if you select LDAP, large amounts of data may be placed in the LDAP repository. |
AUDIT_TYPES | The type of activities that will be monitored if you turn on auditing: ADD = adding security data for profiles, security classes, and rules; CHG = changing security data for profiles, security classes, and rules; DEL = deleting security data for profiles, security classes, and rules; DEN = denial of access, SSO = authentication attempt. |
CACHING_INTERVAL | The time in seconds that the system waits to check for updated security information. |
CHECKING_OFF_RULE | The access rule to use when Lawson Security is turned off. If you set this to NO_ACCESS for the entire system, not even security administrators will have access to Lawson application, Lawson Environment programs, and the Lawson Security Administrator. |
DEDICATED_HANDLERS | Set to TRUE or FALSE. If TRUE, then for each security request, a separate event handler is created that exists until the system is finished with the request. If FALSE, then the event handler for a request goes into a pool after finishing with each request, and is available for other requests. If you set this to FALSE, use the MAX_HANDLER_IDLETIME, MAX_CONN_BLOCK_TIME, MAX_HANDLER_COUNT, and MIN_HANDLER_COUNT parameters to control the event handler pool. TRUE generally results in faster performance but more intensive resource use. |
DEFAULT_USER | Not used. |
INSTALLEDTYPES |
Set to RM if you only have Infor Lawson System Foundation Standalone Technology. Set to RM, ERP if you have Infor Lawson Core Technology. |
LAWDIR | The path for the directory on the application server for the Lawson applications, configuration files, and spooled print output. |
LOCAL_EXECUTION | Not used. |
LOGGING_LEVEL |
The level of detail for the information that is included in the security logging for Lawson Security. The levels correspond as follows to the settings on the Auditing + Logging tab in the Lawson Security Administrator.
|
LOGGING_USERS | The users that you have selected to audit. |
LOG_DIR | The directory where the log files are located. |
MAX_CONN_BLOCK_TIME | If DEDICATED_HANDLERS is set to FALSE, this is the amount of time in milliseconds until the pool of handlers becomes available. |
MAX_HANDLER_COUNT | If DEDICATED_HANDLERS is set to FALSE, this is the maximum number of handlers in the pool. |
MAX_HANDLER_IDLETIME | If DEDICATED_HANDLERS is set to FALSE, this is the time in milliseconds a handler should stay in the pool until the handler is stopped. |
MIN_HANDLER_COUNT | If DEDICATED_HANDLERS is set to FALSE, this the minimum number of handlers in the pool. |
MODIFIEDON | The most recent date and time security informaiton was modified. |
PRINTNETMSG | Set to TRUE to cause more verbose logging output. If set to TRUE, the maximum amount of information is sent to the ls<instancename>.log. Administrators must monitor the size of the log file if this parameter is set to TRUE. |
RM_DS_NAME | Not used. |
RM_DS_TYPE | Must be LARM. It refers to the Resource Management APIs used to access the Resource Management data source. |
RM_MODIFIED_ON | The date and time Resource Management data was modified. The date and time are in the format: yyyymmddhhmmss. |
ROOTDN | The LDAP node that is the root node for Lawson data o=lwsnrmmetaroot |
SEC_DS_NAME | Set to GEN. |
SEC_DS_TYPE | Set to LDAP to indicate that security data is stored in LDAP. |
SECURITY_CHECKING | Whether security checking through Lawson Security is turned on or off for the Lawson system. |
SERVER_ADDR | The address of the server (machine) that hosts the Lawson Security server. |
SERVER_INSTANCE | Set by installation to "default." |
SERVER_PORT | The port used by the Lawson Security server. |
TRACE | Indicates whether tracing has been turned on or off. |
TRACE_DIR | The directory where trace files are located. |
USERMODIFIED | The date and time that the last change was made to the security sytem. The date and time are in the format: yyyymmddhhmmss. |
USE_SECURESOCKET | If TRUE, SSL is used for transport of the password from the Lawson Portal to LDAP. If FALSE, the password is sent as plain text using TCPIP. |