The Pre-Sync Data Check Report: Overview
You can use the ISS Pre-Sync Data Check feature oh LSF to determine if some actor or identity records are missing required data. The feature is available on Landmark through secadm.
Run this report and fix identified errors before two systems are synced. If the Pre-Sync data check indicates errors, they should be fixed before you proceed with the system sync.
Results of the Pre-Sync Data Check feature and all actions taken by the Fix
Identity Data feature are written to the security provisioning log file and can be viewed
here: LAWDIR/system
The Pre-Sync Data Check Feature
You can use the Pre-Sync Data Check feature for both Actor and Identity records.
When you run the Pre-Sync Data Check, you can select the type of data (Actor or Identity) that you want to check. Any errors identified display on-screen and are also written to the security provisioning log file.
If you want to check both Actor and Identity data, you must run the Data Check for each type of data.
An example of a typical Actor error is an Actor record for which the email address is invalid or missing. Actor errors must be corrected manually. After you have corrected the errors, run the Data Check again to ensure that all errors have been corrected.
The Check and Fix Identity Feature
The Check and Fix Identity data feature is for Identity data only. After you run the Pre-Sync Data Check for Identities and corrected any errors that must be corrected manually, you can run the Check and Fix Identity Data feature to fix common errors. The errors that can be fixed are:
-
Missing Actor, that is, an identity is not tied to an Actor.
Error message that appears in LAWDIR/system/security_provisioning.log when an identity is not attached to an Actor record:
Mon Jun 20 10:18:15.518 CDT 2016 - default-1391560582: Found 15 identities for service SSOP Data errors found on identity User:testu1 for service SSOP ERROR: Unable to find actor testu1 assigned to identity Found 5 identities for service LSF9016 Data errors found on identity SID:S-1-5-21-4266810649-902599755-1009923321-1027 for service LSF9016 ERROR: Unable to find actor testu1 assigned to identity Found 2 identities for service LSS Data errors found on identity User:testu1 for service LSS ERROR: Unable to find actor testu1 assigned to identity
The Check and Fix Identity Data feature recreates the record with the Actor ID as its first and last name. You will need to manually change the user’s information, including access rights. If the Actor does not already exist, make changes through ISS and then make the same changes through the Lawson Security Administrator.
-
Missing or invalid password for an Identity.
Error message that appears in LAWDIR/system/security_provisioning.log for an invalid password for an identity:
Mon Jun 20 09:39:41.250 CDT 2016 - default-1278835946: Found 15 identities for service SSOP Found 5 identities for service LSF9016 Data errors found on identity SID:S-1-5-21-4266810649-902599755-1009923321-1027 for service LSF9016 ERROR: Invalid password. Password might be corrupted. Please reset password. Found 2 identities for service LSS
The Check and Fix Identity Data feature creates or modifies the password with a default of "abc123."
-
Missing or invalid idXRef record, that is, the internal security LDAP instance (idXREF) does not have a record for the Identity.
In security_provisioning.log: Mon Jun 20 09:48:41.532 CDT 2016 - default-811332709: Found 15 identities for service SSOP Data errors found on identity User:testu1 for service SSOP ERROR: Failed to verify identity idXref entry Found 5 identities for service LSF9016 Data errors found on identity SID:S-1-5-21-4266810649-902599755-1009923321-1027 for service LSF9016 ERROR: Failed to verify identity idXref entry Found 2 identities for service LSS
The Check and Fix Identity Data feature recreates the record using the information in the svcXref record.
Verify that idXref was created. If it was not, delete svcXref.