Set Up the LDAP Connection

LDAP Authorization User Guide

Troubleshooting Connection Errors

Lightweight Directory Access Protocol (LDAP) connection errors can appear in the Mirth® Connect by NextGen Healthcare server log. They can also appear when you test the connection in the LDAP Authorization settings panel. A Connection Error in the Test Connection Window In some cases, you can gain additional information about an error condition by enabling debug logging for LDAP activity. LDAP Connection Error: "Admin User DN or Admin Password is invalid" The Lightweight Directory Access Protocol (LDAP) connection error "Admin User DN or Admin Password is invalid" includes a data number that indicates why the credentials were rejected. LDAP Connection Error: "An error occurred" The Lightweight Directory Access Protocol (LDAP) connection error "An error occurred" indicates an error that Mirth® Connect by NextGen Healthcare does not recognize. LDAP Connection Error: "An error occurred / No route to host" The Lightweight Directory Access Protocol (LDAP) connection error "An error occurred

LDAP Authorization User Guide

Restore the LDAP Admin Password After Restoring Server Configuration

After restoring Mirth® Connect by NextGen Healthcare server configuration from a backup, you must re-enter the Lightweight Directory Access Protocol (LDAP) Admin password so it can be re-encrypted. You can select back up and restore options in the Server Tasks pane for Mirth® Connect by NextGen Healthcare server configurations. For details, go to the Mirth Connect download site and download the User Guide for Mirth® Connect by NextGen Healthcare. Backup Config and Restore Config buttons in the Server Tasks section The Mirth® Connect server uses an internal encryption key to encrypt passwords. If you restore a configuration backup from another Mirth® Connect server that uses a different encryption key, you must re-enter the LDAP Admin password so it can be re-encrypted using the current server key. In the LDAP Configuration section, you can re-enter the password in the Change Admin Password field. Change Admin Password field in the LDAP Configuration section Until you re-enter the LDAP

LDAP Authorization User Guide

LDAP Authorization in Mirth® Connect by NextGen Healthcare

When the Lightweight Directory Access Protocol (LDAP) extension is installed, users can log on to Mirth® Connect by NextGen Healthcare using credentials that are controlled by a separate LDAP directory. The connection between Mirth® Connect and the Lightweight Directory Access Protocol (LDAP) server can be encrypted if needed for security. You can use the Role-Based Access Control extension for Mirth® Connect to assign roles to specific groups of user accounts in the LDAP directory. The LDAP extension is designed to work with LDAP directory services such as: Active Directory OpenLDAP™ ApacheDS™ You can configure LDAP integration in Mirth® Connect in Settings > LDAP Authorization: LDAP Configuration section When LDAP authorization is enabled, only user accounts that exist in the LDAP Directory are permitted to log on to Mirth® Connect. Any local Mirth® Connect user accounts (listed under Users in Mirth® Connect) are disabled. These accounts are re-enabled if LDAP authorization is later

LDAP Authorization User Guide

Enable Encryption

Configure options for encrypted communication between Mirth® Connect by NextGen Healthcare and a Lightweight Directory Access Protocol (LDAP) server. Mirth® Connect by NextGen Healthcare can communicate with a Lightweight Directory Access Protocol (LDAP) server using an encrypted connection. You can set options to encrypt the LDAP connection. LDAP Configuration In the LDAP Configuration section, set Encryption to one of the following: None: No encryption is performed. STARTTLS: Start with Transport Layer Security (TLS) and upgrade to an encrypted connection. Typically, LDAP servers use port 389 for TLS. SSL: Use Secure Sockets Layer (SSL) protocol. Typically, LDAP servers use port 636 for SSL. Set Certificate Validation to one of the following: Enabled: Mirth® Connect does not connect to the LDAP server if the server presents an SSL certificate that is not trusted. For the connection to succeed, you need to first import the LDAP server public SSL certificate. Disabled: Mirth® Connect t

LDAP Authorization User Guide

Filter User Accounts

Specify which organizational units, groups, or individual users in a Lightweight Directory Access Protocol (LDAP) server are allowed to log on to Mirth® Connect by NextGen Healthcare. By default, all users within the base distinguished name (DN) can log on to Mirth® Connect by NextGen Healthcare. To adjust which users are able to log on to Mirth® Connect, you can add user groups to the Search Contexts table. When the table is populated, log ons are permitted only for the organizational units (OUs), groups, or individual users listed in this table. Search Contexts Table Open the LDAP Configuration page in Mirth® Connect. Your users with provisioned access are listed in the Base DN field and the Search Contexts field. To add an entry, select Add next to the Search Contexts field. To delete an entry, select the entry, then select Delete. To specify the users that are allowed by a particular entry, do the following: Select an entry. Select the folder DN folder icon icon at the right of the

LDAP Authorization User Guide

Recover from a Forgotten Recovery Username / Password

If you lose the recovery username or password, you can use database queries to manually reset the recover account credentials, or you can disable Lightweight Directory Access Protocol (LDAP). If you cannot log on to Mirth® Connect by NextGen Healthcare and forgot your Lightweight Directory Access Protocol (LDAP) recovery username or password, you must reset the credentials or disable LDAP. If you have access to the Mirth® Connect database, manually reset the recovery account credentials. To reset the recovery username and password: Connect to the database by using the connection information in the database.url entry in the /conf/mirth.properties file in the Mirth® Connect home folder. database.url = jdbc:postgresql://localhost:5432/mirthdb Execute the following queries to set the recovery username to recovery and also set the password to recovery: UPDATE configuration SET value = 'recovery' WHERE name = 'recoveryUsername' AND category = 'LDAP Authorization'; UPDATE configuration SET va

Set Up the LDAP Connection

Recommendations

Troubleshooting Connection Errors

Restore the LDAP Admin Password After Restoring Server Configuration

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Enable Encryption

Filter User Accounts

Recover from a Forgotten Recovery Username / Password

Troubleshooting Connection Errors

Restore the LDAP Admin Password After Restoring Server Configuration

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Enable Encryption

Filter User Accounts

Recover from a Forgotten Recovery Username / Password