Lawson Security Configuration Utility (lsconfig)
The Lawson Security Configuration utility (lsconfig) enables you to view and modify parameters for the Lawson Security system. You can also use the Lawson Security Administrator to review the parameters and to modify many of them.
To run the program, you must be:
- On UNIX: the user "root"
- On IBM i: the user "lawson"
- On Windows: an administrator
The Lawson Security Configuration utility (lsconfig) command line syntax:
lsconfig -uartdl
Program Option | Description |
---|---|
a | Add or modify security parameters. |
l | List security parameters for viewing. |
c | Turn security on and off. |
r | Assign a user to a role. |
t | Start tracing for a specific user. Only turn tracing on for a user if instructed to do so by Lawson. Generally, you can gain enough information for troubleshooting through other means, such as the auditing and logging set up through the Lawson Security Administrator. If you use the -t option, you are prompted for a user after you run the command. To indicate a user, enter a Resource Management ID. If you turn on tracing, the information is stored in: |
tn | Tenant ID (optional) |
u | View usage and syntax for the utility. |
audit | Turn Security Audit ON or OFF. Example: -audit password ON\|OFF |
audittypes | Manage Security Audit Types (-audittypes password). Example: -audittypes password ADD\|CHG\|DEL\|DEN\|SSO |
You can view or modify these properties or parameters.
Property | Description |
---|---|
AUDIT | Set to ON or OFF to turn auditing on or off. If auditing is on, it tracks the items listed for the AUDIT_TYPES parameter. |
AUDIT_DATASRC | The location where audit data is stored. If you select DB, the data is stored in the LSAUDIT file in the LOGAN data area. If you select LDAP, the data is stored in the LDAP repository. The default is DB. Be aware that if you select LDAP, large amounts of data may be placed in the LDAP repository. |
AUDIT_TYPES | The type of activities that are monitored if you turn on auditing: ADD = adding security data for profiles, security classes, and rules; CHG = changing security data for profiles, security classes, and rules; DEL = deleting security data for profiles, security classes, and rules; DEN = denial of access, SSO = authentication attempt. |
CACHING_INTERVAL | The time in seconds that the system waits to check for updated security information. |
CHECKING_OFF_RULE | The access rule to use when Lawson Security is turned off. If you set this to NO_ACCESS for the entire system, not even security administrators have access to Lawson applications, Lawson Environment programs, and the Lawson Security Administrator. |
DEDICATED_HANDLERS | Set to TRUE or FALSE. If TRUE, then for each security request, a separate event handler is created that exists until the system is finished with the request. If FALSE, then the event handler for a request goes into a pool after finishing with each request, and is available for other requests. If you set this to FALSE, use the MAX_HANDLER_IDLETIME, MAX_CONN_BLOCK_TIME, MAX_HANDLER_COUNT, and MIN_HANDLER_COUNT parameters to control the event handler pool. TRUE generally results in faster performance but more intensive resource use. |
DEFAULT_USER | Not used. |
INSTALLEDTYPES | Note: There must be no spaces in the value for this property. On UNIX: Set to RM if you use only ProcessFlow Runtime. Set to RM, ERP if you also have Infor Lawson Core Technology. On Windows: Set to RM if you use only ProcessFlow Runtime. Set to RM, ERP if you also have Infor Lawson Core Technology. On IBM i: Set to RM, ERP. |
LAWDIR | The path for the directory on the application server for the Lawson applications, configuration files, and spooled print output. |
LOCAL_EXECUTION | Not used. |
LOGGING_LEVEL | The level of detail for the information that is included in the security logging for Lawson Security. The levels correspond as follows to the settings on the Auditing + Logging tab in the Lawson Security Administrator. |
LOGGING_USERS | The users that you have selected to audit. |
LOG_DIR | The directory where the log files are located. |
MAX_CONN_BLOCK_TIME | If DEDICATED_HANDLERS is set to FALSE, this is the amount of time in milliseconds until the pool of handlers becomes available. |
MAX_HANDLER_COUNT | If DEDICATED_HANDLERS is set to FALSE, this is the maximum number of handlers in the pool. |
MAX_HANDLER_IDLETIME | If DEDICATED_HANDLERS is set to FALSE, this is the time in milliseconds a handler should stay in the pool until the handler is stopped. |
MIN_HANDLER_COUNT | If DEDICATED_HANDLERS is set to FALSE, this is the minimum number of handlers in the pool. |
MODIFIEDON | The most recent date and time security information was modified. |
PRINTNETMSG | Set to TRUE to cause more verbose logging output. If set to TRUE, the maximum amount of information is sent to the ls<instancename>.log. Administrators must monitor the size of the log file if this parameter is set to TRUE. |
RM_DS_NAME | Not used. |
RM_DS_TYPE | Must be LARM. It refers to the Resource Management APIs used to access the Resource Management data source. |
RM_MODIFIED_ON | The date and time Resource Management data was modified. The date and time are in the format: yyyymmddhhmmss. |
ROOTDN | The LDAP node that is the root node for Lawson data: o=lwsnrmmetaroot |
SEC_DS_NAME | |
SEC_DS_TYPE | Set to LDAP to indicate that security data is stored in LDAP. |
SECURITY_CHECKING | Whether security checking through Lawson Security is turned on or off for the Lawson system. |
SERVER_ADDR | The address of the server (machine) that hosts the Lawson Security server. |
SERVER_INSTANCE | Set by installation to "default." |
SERVER_PORT | The port used by the Lawson Security server. |
TRACE | Indicates whether tracing has been turned on or off. |
TRACE_DIR | The directory where trace files are located. |
USERMODIFIED | The date and time that the last change was made to the security system. The date and time are in the format: yyyymmddhhmmss. |
USE_SECURESOCKET | If TRUE, SSL is used for transport of the password from Lawson Portal to LDAP. If FALSE, the password is sent as plain text using TCP/IP. |
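
The property table above can be turned into a configuration review. The following is an added example, not part of the Lawson documentation or product: it assumes the parameter listing has been saved as NAME=value lines (the utility's actual output layout is not shown on this page), and the function names `parse_listing` and `review` are hypothetical.

```python
import re

# Assumption: the listing was saved as NAME=value lines; the real layout is not documented here.
# Constructed sample values, for illustration only.
SAMPLE = """\
AUDIT=ON
AUDIT_TYPES=ADD,CHG,DEL
CHECKING_OFF_RULE=NO_ACCESS
DEDICATED_HANDLERS=FALSE
INSTALLEDTYPES=RM, ERP
MAX_HANDLER_COUNT=20
MIN_HANDLER_COUNT=2
USE_SECURESOCKET=FALSE
"""
AUDIT_TYPES = ("ADD", "CHG", "DEL", "DEN", "SSO")
POOL_PARAMS = ("MAX_HANDLER_IDLETIME", "MAX_CONN_BLOCK_TIME", "MAX_HANDLER_COUNT", "MIN_HANDLER_COUNT")

def parse_listing(text):
    """Return {NAME: value}; lines without '=' are ignored."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            params[name.strip().upper()] = value.strip()
    return params

def review(params):
    """Return (parameter, finding) pairs derived from the property descriptions."""
    val = lambda name: params.get(name, "").upper()
    out = []
    if val("AUDIT") != "ON":  # a missing AUDIT entry is treated as off
        out.append(("AUDIT", "auditing is off"))
    else:
        on = set(re.split(r"[,|\s]+", val("AUDIT_TYPES")))
        missing = [t for t in AUDIT_TYPES if t not in on]
        if missing:
            out.append(("AUDIT_TYPES", "not audited: " + ",".join(missing)))
    if val("USE_SECURESOCKET") != "TRUE":
        out.append(("USE_SECURESOCKET", "password is sent to LDAP as plain text"))
    if val("CHECKING_OFF_RULE") == "NO_ACCESS":
        out.append(("CHECKING_OFF_RULE", "administrators lose access when security is off"))
    if " " in params.get("INSTALLEDTYPES", ""):
        out.append(("INSTALLEDTYPES", "value contains a space"))
    if val("DEDICATED_HANDLERS") == "FALSE":
        unset = [p for p in POOL_PARAMS if not params.get(p)]
        if unset:
            out.append(("DEDICATED_HANDLERS", "pool parameters unset: " + ",".join(unset)))
    return out
```

For the constructed sample, `review(parse_listing(SAMPLE))` reports that DEN and SSO events are not audited, that the password travels in plain text, and that two handler pool parameters are unset.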