lsconfig - Lawson Security Configuration

lsconfig -uartl [-c password ON|OFF] [instanceName]

Use this utility to review and modify parameters for the Lawson Security system. You can also use the Lawson Security Administrator to review the parameters and to modify many of them.

You must be a member of the Windows Administrators group to use this utility.

Program Option Description
-a Add or modify security parameters.
-l List security parameters for viewing.
-r Assign a user to a role.
-t

Activate tracing for a specific user. Only turn tracing on for a use if instructed to do so by Lawson. Generally, you can gain enough information for troubleshooting through other means, such as the auditing and logging set up through the Lawson Security Administrator. If you use the -t option, you will be prompted for a user after you run the command. To indicate a user, enter a Resource Management ID.

If you turn on tracing, the information is stored in %LAWDIR%\system\Sec_username_Nbr_Nbr.log.

-c password ON|OFF Turn security off or off. You must specify the Single Sign-On Configuration utility (ssoconfig) password to use the -c option.
instanceName The data source that the specified security changes will be applied to.
-u View usage and syntax for the utility.
Property Description
AUDIT Set to ON or OFF to turn auditing on or off. If auditing is on, it will track the items listed for the AUDIT_TYPES parameter.
AUDIT_DATASRC The location where audit data is stored. If you select DB, the data is stored in the LSAUDIT file in the LOGAN data area. If you select LDAP, the data is stored in the LDAP repository. The default is DB. Be aware that if you select LDAP, large amounts of data may be placed in the LDAP repository.
AUDIT_TYPES The type of activities that will be monitored if you turn on auditing: ADD = adding security data for profiles, security classes, and rules; CHG = changing security data for profiles, security classes, and rules; DEL = deleting security data for profiles, security classes, and rules; DEN = denial of access, SSO = authentication attempt.
CACHING_INTERVAL The time in seconds that the system waits to check for updated security information.
CHECKING_OFF_RULE The access rule to use when Lawson Security is turned off. If you set this to NO_ACCESS for the entire system, not even security administrators will have access to Lawson application, Lawson Environment programs, and the Lawson Security Administrator.
DEDICATED_HANDLERS Set to TRUE or FALSE. If TRUE, then for each security request, a separate event handler is created that exists until the system is finished with the request. If FALSE, then the event handler for a request goes into a pool after finishing with each request, and is available for other requests. If you set this to FALSE, use the MAX_HANDLER_IDLETIME, MAX_CONN_BLOCK_TIME, MAX_HANDLER_COUNT, and MIN_HANDLER_COUNT parameters to control the event handler pool. TRUE generally results in faster performance but more intensive resource use.
DEFAULT_USER Not used.
INSTALLEDTYPES

Set to RM if you only have Infor Lawson System Foundation Standalone Technology. Set to RM, ERP if you have Infor Lawson Core Technology.

LAWDIR The path for the directory on the application server for the Lawson applications, configuration files, and spooled print output.
LOCAL_EXECUTION Not used.
LOGGING_LEVEL

The level of detail for the information that is included in the security logging for Lawson Security. The levels correspond as follows to the settings on the Auditing + Logging tab in the Lawson Security Administrator.

  • SEVERE and WARNING equal Critical.

  • INFO equals General.

  • FINER equals All.

  • FINEST equals Debug.

LOGGING_USERS The users that you have selected to audit.
LOG_DIR The directory where the log files are located.
MAX_CONN_BLOCK_TIME If DEDICATED_HANDLERS is set to FALSE, this is the amount of time in milliseconds until the pool of handlers becomes available.
MAX_HANDLER_COUNT If DEDICATED_HANDLERS is set to FALSE, this is the maximum number of handlers in the pool.
MAX_HANDLER_IDLETIME If DEDICATED_HANDLERS is set to FALSE, this is the time in milliseconds a handler should stay in the pool until the handler is stopped.
MIN_HANDLER_COUNT If DEDICATED_HANDLERS is set to FALSE, this the minimum number of handlers in the pool.
MODIFIEDON The most recent date and time security informaiton was modified.
PRINTNETMSG Set to TRUE to cause more verbose logging output. If set to TRUE, the maximum amount of information is sent to the ls<instancename>.log. Administrators must monitor the size of the log file if this parameter is set to TRUE.
RM_DS_NAME Not used.
RM_DS_TYPE Must be LARM. It refers to the Resource Management APIs used to access the Resource Management data source.
RM_MODIFIED_ON The date and time Resource Management data was modified. The date and time are in the format: yyyymmddhhmmss.
ROOTDN The LDAP node that is the root node for Lawson data o=lwsnrmmetaroot
SEC_DS_NAME Set to GEN.
SEC_DS_TYPE Set to LDAP to indicate that security data is stored in LDAP.
SECURITY_CHECKING Whether security checking through Lawson Security is turned on or off for the Lawson system.
SERVER_ADDR The address of the server (machine) that hosts the Lawson Security server.
SERVER_INSTANCE Set by installation to "default."
SERVER_PORT The port used by the Lawson Security server.
TRACE Indicates whether tracing has been turned on or off.
TRACE_DIR The directory where trace files are located.
USERMODIFIED The date and time that the last change was made to the security sytem. The date and time are in the format: yyyymmddhhmmss.
USE_SECURESOCKET If TRUE, SSL is used for transport of the password from the Lawson Portal to LDAP. If FALSE, the password is sent as plain text using TCPIP.