...

Open the custo service center and navigate to Login → LDAP. This opens a page that contains all configuration entries for the connection and mapping to the LDAP server.

[Image]

Fill out the fields at the top of the page for a basic setup. The page is more or less self-explanatory. Here is an example for a Windows Server domain:

[Image]

Note that a filter for valid users can be appended if you activate "Import only users with valid profile mapping". The corresponding filter is shown below for your information.

...

After you have finished, click on "Save Settings And Test". This will enforce the LDAP settings on the server. In order to check for errors, look at the log output at the end of the page:

[Image]

Also check the imported users on the Administration → User page.

...

Because users are imported automatically into custo diagnostic from LDAP, mapping gives you a way to configure them automatically with the correct settings, tenant and doctor information.
The first and most important mapping is the profile mapping. It lets you map profiles to LDAP user groups. In custo diagnostic, this includes the user permissions that are configured for the profiles.

[Image]

To add a mapping, click "Add Entry" (1). A series of dialogs opens that lets you choose the LDAP group, the profile and the mapping behaviour. Note that you cannot edit a configured mapping, but you can delete it (2) and add it again.
After you have finished the mapping, click (3) to save it.

The same workflow can be used to map users to doctors. This is normally used to give users different address print-outs on prints and PDFs.

[Image]

The last step is to do the same with tenants, if you use a tenant system:

[Image]


After this, your configuration is nearly complete. Click the "Synchronize Users" button and check in Administration → User whether the users are correctly imported and have the correct profile, doctor and tenant mapping.

...

The last step in this process is to activate LDAP login. Go to the Login page (1) and change Login Method to LDAP (2):

[Image]

If you use Kerberos, we will later change the Login Method to "Remote User". Now please check whether the LDAP users can authenticate with the custo manager.

...

Edit the file <custo diagnostic server installation directory>/conf/krb5.ini so it looks like this:


[libdefaults]
default_realm = DEV.LOCAL
default_keytab_name = FILE:<custo diagnostic server installation directory>\conf\tomcat.keytab
default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
forwardable=true
 
[realms]
DEV.LOCAL = {
    kdc = win-dc01.dev.local:88
}
 
[domain_realm]
dev.local= DEV.LOCAL
.dev.local= DEV.LOCAL


Edit the file <custo diagnostic server installation directory>/conf/jaas.conf so it looks like this:


com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=true
    principal="HTTP/win-tc01.dev.local@DEV.LOCAL"
    useKeyTab=true
    keyTab="<custo diagnostic server installation directory>/conf/tomcat.keytab"
    storeKey=true;
};
 
com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=true
    principal="HTTP/win-tc01.dev.local@DEV.LOCAL"
    useKeyTab=true
    keyTab="<custo diagnostic server installation directory>/conf/tomcat.keytab"
    storeKey=true;
};


Note the correct usage of forward and backward slashes when editing the files.
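
The two files above have to agree on realm and keytab, and the enctype lists decide which ciphers Kerberos may negotiate. The following Python check is an added example, not part of the custo documentation: it parses both files, compares the principal's realm and the keytab path (ignoring the FILE: prefix and slash direction), and flags enctypes deprecated by RFC 6649 and RFC 8429, such as rc4-hmac. The sample uses the page's values with C:\custo as a constructed stand-in for the installation directory; the function names are this example's own.

```python
import re
# Enctypes deprecated for Kerberos (RFC 6649: single DES; RFC 8429: 3DES and RC4).
WEAK = {"rc4-hmac", "arcfour-hmac", "des3-cbc-sha1", "des-cbc-crc", "des-cbc-md5"}
OPT = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s;]+))')  # key="quoted" or key=bare

def parse_krb5(text):
    """Return {section: {key: value}}; realm sub-blocks are flattened into their section."""
    sections, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if re.fullmatch(r"\[\w+\]", line):
            cur = sections.setdefault(line[1:-1], {})
        elif "=" in line and cur is not None and not line.startswith(("#", ";")):
            key, _, value = line.partition("=")
            cur[key.strip()] = value.strip()
    return sections

def parse_jaas(text):
    """Return {entry name: {option: value}} for every 'name { ... };' login entry."""
    return {name: {k: q or b for k, q, b in OPT.findall(body)}
            for name, body in re.findall(r"([\w.]+)\s*\{(.*?)\}\s*;", text, re.S)}

def norm(path):  # comparable keytab path: no FILE: prefix, forward slashes, lower case
    return re.sub(r"^FILE:", "", path, flags=re.I).replace("\\", "/").lower()

def check(krb5_text, jaas_text):
    """Return findings; an empty list means the files agree and allow no weak enctype."""
    lib, out = parse_krb5(krb5_text).get("libdefaults", {}), []
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        weak = sorted(WEAK & set(re.split(r"[,\s]+", lib.get(key, "").lower())))
        if weak:
            out.append(f"{key}: weak enctype {', '.join(weak)}")
    for name, o in parse_jaas(jaas_text).items():
        if o.get("principal", "").rpartition("@")[2] != lib.get("default_realm"):
            out.append(f"{name}: principal realm differs from default_realm")
        if norm(o.get("keyTab", "")) != norm(lib.get("default_keytab_name", "")):
            out.append(f"{name}: keyTab differs from default_keytab_name")
    return out

# Constructed sample: the page's values, C:\custo standing in for the install directory.
KRB5 = r"""[libdefaults]
default_realm = DEV.LOCAL
default_keytab_name = FILE:C:\custo\conf\tomcat.keytab
default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96"""
JAAS = """com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="HTTP/win-tc01.dev.local@DEV.LOCAL"
    keyTab="C:/custo/conf/tomcat.keytab";
};"""
print(check(KRB5, JAAS))
```

Dropping rc4-hmac from the enctype lists only works if tomcat.keytab contains AES keys for the service principal.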

...

Now you can change Login Method to Remote User:

[Image]

As the last step, please restart the custo diagnostic server now.

...

For testing Kerberos authentication without using the custo manager, you can use the curl utility that is installed in the same folder as the custo diagnostic client:

If everything works and the logged-in Windows user is allowed to use custo diagnostic, this command should return "true".