Filter User Accounts

LDAP Authorization User Guide

LDAP Authorization in Mirth® Connect by NextGen Healthcare

When the Lightweight Directory Access Protocol (LDAP) extension is installed, users can log on to Mirth® Connect by NextGen Healthcare using credentials that are controlled by a separate LDAP directory. The connection between Mirth® Connect and the Lightweight Directory Access Protocol (LDAP) server can be encrypted if needed for security. You can use the Role-Based Access Control extension for Mirth® Connect to assign roles to specific groups of user accounts in the LDAP directory. The LDAP extension is designed to work with LDAP directory services such as: Active Directory OpenLDAP™ ApacheDS™ You can configure LDAP integration in Mirth® Connect in Settings > LDAP Authorization: LDAP Configuration section When LDAP authorization is enabled, only user accounts that exist in the LDAP Directory are permitted to log on to Mirth® Connect. Any local Mirth® Connect user accounts (listed under Users in Mirth® Connect) are disabled. These accounts are re-enabled if LDAP authorization is later

LDAP Authorization User Guide

Map User Accounts to Roles

Map organizational units, groups, and individual users from the Lightweight Directory Access Protocol (LDAP) directory to specific roles in Mirth® Connect by NextGen Healthcare. Before you begin The User Authorization plug-in must be installed so that the Role column appears in the Search Contexts table. By default, the LDAP Authorization plug-in does not assign roles to user accounts from the LDAP directory. You can manually assign roles in the Search Contexts table. If you have already done so, create or modify roles on the Role-Based Access Control tab. Role-Based Access Control tab Select the LDAP Authorization tab. To assign roles to organizational units (OU), groups, or specific users in the LDAP directory, set Manage Roles to Yes. Manage Roles option In the Role column for each entry, select the role to assign to the users that are listed in the DN column. To assign multiple roles to the same OU, group, or user, create multiple entries with the same DN value but different Role v

LDAP Authorization User Guide

Set Up the LDAP Connection

To set up Lightweight Directory Access Protocol (LDAP) integration, you must enable LDAP, enter a host address and port number, and enter the base distinguished name (DN). To set up Lightweight Directory Access Protocol (LDAP) integration, perform these steps. In the LDAP Configuration section, open the LDAP Authorization tab. Set LDAP Enabled to Yes. This option is initially disabled. Enabling LDAP Integration Enter the host address and port of your LDAP server.The standard port used by LDAP servers is typically port 389. When Secure Sockets Layer (SSL) protocol is enabled, the port number typically is 636. Host Address and Port Enter the base distinguished name (DN).The base DN is the root DN under which all operations and user searches take place. If this field is left blank, Mirth® Connect by NextGen Healthcare attempts to detect the base DN from the Admin user DN. Base DN Enter the Admin user DN (also called the Bind DN) and the password. These are the credentials that Mirth® Conn

LDAP Authorization User Guide

LDAP Connection Error: "No user accounts were found"

The LDAP connection error "No user accounts were found" can occur if the LDAP connection has an incorrect base DN, search contexts, or username attribute mapping. This error can result from any of the following flaws in the configuration of the Lightweight Directory Access Protocol (LDAP) connection: The Base DN is incorrect. The Search Contexts does contain valid usernames. The Username attribute mapping is not set to the appropriate value. Mirth® Connect by NextGen Healthcare identifies user accounts on the LDAP server by looking for objects that contain the Username attribute. For Active Directory, the typical Username attribute is sAMAccountName. For other LDAP servers such as OpenLDAP, a common Username attribute is uid. Username Attribute in LDAP Attribute Mapping These settings are all located on the LDAP Authorization tab. Parent topic: Troubleshooting Connection Errors Related tasks Set Up the LDAP Connection Filter User Accounts Map User Attributes

LDAP Authorization User Guide

Map User Attributes

You must define mappings between user attributes in a Lightweight Directory Access Protocol (LDAP) directory and the user attributes maintained by Mirth® Connect by NextGen Healthcare. Mirth® Connect by NextGen Healthcare maintains the following set of attributes for user accounts: Username First Name Last Name Organization Email Phone Number Description These attributes are copied into Mirth® Connect from the LDAP directory when a user logs on to Mirth® Connect. To ensure that the correct LDAP attributes are used, review the mappings shown in the LDAP Attribute Mapping section and modify them as needed. LDAP Attribute Mapping section The values in these fields should correspond to user attributes in the LDAP directory. If you are not sure what attributes to enter, test the LDAP connection. The connection test shows user account information with the current attribute mappings along with a list of attributes that are not mapped.

LDAP Authorization User Guide

LDAP Connection Error: "An error occurred"

The Lightweight Directory Access Protocol (LDAP) connection error "An error occurred" indicates an error that Mirth® Connect by NextGen Healthcare does not recognize. An error occurred that Mirth® Connect by NextGen Healthcare does not recognize. Check to see if an error message was returned by the Lightweight Directory Access Protocol (LDAP) server. If so, the errors looks something like this: LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 701, v1db0 Make a note of the number specified in data <number>. In the preceding example, the number is 701, which is referred to as an LDAP result code. You can view definitions of LDAP result codes at the LDAP Result Code Reference page on ldap.com. If an LDAP error message is not shown, enable debug logging so that additional information can be collected the next time the error occurs. Parent topic: Troubleshooting Connection Errors Related concepts Enable Debug Logging for LDAP Activity

Filter User Accounts

Recommendations

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Map User Accounts to Roles

Set Up the LDAP Connection

LDAP Connection Error: "No user accounts were found"

Map User Attributes

LDAP Connection Error: "An error occurred"

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Map User Accounts to Roles

Set Up the LDAP Connection

LDAP Connection Error: "No user accounts were found"

Map User Attributes

LDAP Connection Error: "An error occurred"