How Kelly's Chicken "Exposed" LDAP Data to Lawson
This section describes, at a high level, the procedure that Kelly's Chicken used to add Lawson users. Details about how to perform the procedures outlined here are in the Lawson Security administration documentation.
Exposing existing LDAP users to Lawson
Because Kelly's Chicken already had an LDAP before they implemented Lawson and because their employees were already in the system, they wanted to leverage this data for their Lawson implementation, in other words, to share the LDAP users between Lawson and other applications that need the same data.
This is something that Lawson Security lets customers to do, as long as they are using one of the LDAP servers that Lawson supports. Lawson uses the term "exposing LDAP users to Lawson" to describe the process.
The Kelly's Chicken security administrator followed a process that involved the following general steps:
-
Map the LDAP objects that will be shared between Lawson and other applications
-
Import a file of Lawson user data to the LDAP
Most of the steps in these procedures are automated to some degree, so using this method to add Lawson users can save a large installation like Kelly's Chicken a significant amount of time.
Binding user passwords
Like many large companies in which an LDAP was already in place, Kelly's Chicken chose to "bind" passwords.
Binding passwords means storing Lawson passwords in a non-Lawson container within the LDAP. Kelly's Chicken chose to do this because they had other "consumers" (for example, applications not related to Lawson) that needed to make use of some of the same data as Lawson. They also wanted to make use of administrative tools, like password aging, that are not available from Lawson.
Typically, making a decision about where user passwords are to be stored is made prior to installing Lawson. Lawson Professional Services does the ldapbind configuration.