Restore the LDAP Admin Password After Restoring Server Configuration

LDAP Authorization User Guide

Mirth® Appliance by NextGen Healthcare Automatic Failover Configuration

Use the recovery user account when you need to log on to a backup instance of the Mirth® Appliance by NextGen Healthcare. If two instances of the Mirth® Appliance by NextGen Healthcare are configured for automatic failover with a primary and a backup instance of Mirth® Connect, the server configuration is automatically copied from primary to backup. In this situation, NextGen Healthcare recommends that you log on to the backup server only with the recovery user account. When the primary console is restored, Lightweight Directory Access Protocol (LDAP) users are able to log on again. If LDAP users need to log on to the backup console, you must log on with the recovery account and re-enter the LDAP admin password. Parent topic: Restore the LDAP Admin Password After Restoring Server Configuration Related tasks Set Up the LDAP Connection

LDAP Authorization User Guide

LDAP Authorization in Mirth® Connect by NextGen Healthcare

When the Lightweight Directory Access Protocol (LDAP) extension is installed, users can log on to Mirth® Connect by NextGen Healthcare using credentials that are controlled by a separate LDAP directory. The connection between Mirth® Connect and the Lightweight Directory Access Protocol (LDAP) server can be encrypted if needed for security. You can use the Role-Based Access Control extension for Mirth® Connect to assign roles to specific groups of user accounts in the LDAP directory. The LDAP extension is designed to work with LDAP directory services such as: Active Directory OpenLDAP™ ApacheDS™ You can configure LDAP integration in Mirth® Connect in Settings > LDAP Authorization: LDAP Configuration section When LDAP authorization is enabled, only user accounts that exist in the LDAP Directory are permitted to log on to Mirth® Connect. Any local Mirth® Connect user accounts (listed under Users in Mirth® Connect) are disabled. These accounts are re-enabled if LDAP authorization is later

LDAP Authorization User Guide

Set Up the LDAP Connection

To set up Lightweight Directory Access Protocol (LDAP) integration, you must enable LDAP, enter a host address and port number, and enter the base distinguished name (DN). To set up Lightweight Directory Access Protocol (LDAP) integration, perform these steps. In the LDAP Configuration section, open the LDAP Authorization tab. Set LDAP Enabled to Yes. This option is initially disabled. Enabling LDAP Integration Enter the host address and port of your LDAP server.The standard port used by LDAP servers is typically port 389. When Secure Sockets Layer (SSL) protocol is enabled, the port number typically is 636. Host Address and Port Enter the base distinguished name (DN).The base DN is the root DN under which all operations and user searches take place. If this field is left blank, Mirth® Connect by NextGen Healthcare attempts to detect the base DN from the Admin user DN. Base DN Enter the Admin user DN (also called the Bind DN) and the password. These are the credentials that Mirth® Conn

LDAP Authorization User Guide

Recover from a Forgotten Recovery Username / Password

If you lose the recovery username or password, you can use database queries to manually reset the recover account credentials, or you can disable Lightweight Directory Access Protocol (LDAP). If you cannot log on to Mirth® Connect by NextGen Healthcare and forgot your Lightweight Directory Access Protocol (LDAP) recovery username or password, you must reset the credentials or disable LDAP. If you have access to the Mirth® Connect database, manually reset the recovery account credentials. To reset the recovery username and password: Connect to the database by using the connection information in the database.url entry in the /conf/mirth.properties file in the Mirth® Connect home folder. database.url = jdbc:postgresql://localhost:5432/mirthdb Execute the following queries to set the recovery username to recovery and also set the password to recovery: UPDATE configuration SET value = 'recovery' WHERE name = 'recoveryUsername' AND category = 'LDAP Authorization'; UPDATE configuration SET va

LDAP Authorization User Guide

LDAP Connection Error: "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException"

The LDAP connection error "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException" can occur if the encryption key changed, if there are mismatched Java versions, or if Java Cryptography Extension (JCE) is not installed on your workstation. This Lightweight Directory Access Protocol (LDAP) connection error message ends with either EncryptionFailedException or DecryptionFailedException. This error can result from any of the following conditions: The Mirth® Connect by NextGen Healthcare encryption key changed or the encryption settings defined in /conf/mirth.properties have changed. The password for the admin user DN is stored by Mirth® Connect and is encrypted for security. Mirth® Connect uses an internal encryption key to encrypt the password. This internal encryption key is located in the file pointed to by the "keystore.path" setting in the mirth.properties file (the default location is /appdata/keystore.jks). If this file is changed or replaced or if

LDAP Authorization User Guide

Enable Encryption

Configure options for encrypted communication between Mirth® Connect by NextGen Healthcare and a Lightweight Directory Access Protocol (LDAP) server. Mirth® Connect by NextGen Healthcare can communicate with a Lightweight Directory Access Protocol (LDAP) server using an encrypted connection. You can set options to encrypt the LDAP connection. LDAP Configuration In the LDAP Configuration section, set Encryption to one of the following: None: No encryption is performed. STARTTLS: Start with Transport Layer Security (TLS) and upgrade to an encrypted connection. Typically, LDAP servers use port 389 for TLS. SSL: Use Secure Sockets Layer (SSL) protocol. Typically, LDAP servers use port 636 for SSL. Set Certificate Validation to one of the following: Enabled: Mirth® Connect does not connect to the LDAP server if the server presents an SSL certificate that is not trusted. For the connection to succeed, you need to first import the LDAP server public SSL certificate. Disabled: Mirth® Connect t

Restore the LDAP Admin Password After Restoring Server Configuration

Recommendations

Mirth® Appliance by NextGen Healthcare Automatic Failover Configuration

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Set Up the LDAP Connection

Recover from a Forgotten Recovery Username / Password

LDAP Connection Error: "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException"

Enable Encryption

Mirth® Appliance by NextGen Healthcare Automatic Failover Configuration

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Set Up the LDAP Connection

Recover from a Forgotten Recovery Username / Password

LDAP Connection Error: "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException"

Enable Encryption