OpenEMR and Active Directory Integration


(shivam) #1

Hello,

Can you please suggest which file at OS level stores the Active Directory configuration?

I am working on integrating OpenEMR with Active Directory. While doing the configuration, I updated the user and domain controllers for my Active Directory in the OpenEMR portal and saved the configuration.

Looks like I put in some wrong details, as it is still not allowing me to log in with an AD user, and now OpenEMR has also blocked login through the local user since I activated the AD connection.

So I need to log in at OS level to update the AD details so that OpenEMR allows me to log in through the portal.

Please suggest.

Thanks,
Shivam


(Brady Miller) #2

Hi @shivammittal ,
You can always directly modify global settings in the globals mysql table if you get locked out like this. You would set the use_active_directory entry in the globals mysql table to 0 (the gl_value).


-brady
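
The recovery described in the reply above, written out as SQL. This is an added example, not part of the original post; it assumes the database is named `openemr` and that the setting name is stored in the `gl_name` column of `globals`.

```sql
-- Added example: recover from an Active Directory lockout in OpenEMR.
-- Assumption: the database is named `openemr`; use your site's database name.
USE openemr;

-- 1. Inspect the current value before changing anything.
SELECT gl_name, gl_index, gl_value
FROM globals
WHERE gl_name = 'use_active_directory';

-- 2. Turn Active Directory authentication off so local accounts work again.
UPDATE globals
SET gl_value = '0'
WHERE gl_name = 'use_active_directory';

-- 3. Confirm the change: gl_value should now be 0.
SELECT gl_name, gl_value
FROM globals
WHERE gl_name = 'use_active_directory';
```

After this, a local admin login works again and the AD settings can be corrected under Administration/Globals before the option is re-enabled.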


(shivam) #3

Thank you Brady, I could reset the table flag and log in.

Please see the AD config below and suggest what I am doing wrong -

Thanks,
Shivam


(shivam) #4

image


(Brady Miller) #5

Hi @Shiva ,
I flagged the developers of this feature, so hopefully they will weigh in here. Here’s a related issue on GitHub that at least shows a screenshot of an example of use:


-brady


(shivam) #6

Thank you Brady, will test it.


(shivam) #7

Hi Brady,

I could connect with Active Directory in OpenEMR with these settings, but it is only allowing a connection with the Active Directory admin user. I created one new user exactly the same as admin, but OpenEMR does not allow that connection.

Are there any additional steps required to have all AD users connecting in OpenEMR?

My current setup

The GitHub link also suggests -

“after the first login as admin a new user must be added and the globals changed.”

So where should we have the user added? I am assuming in Active Directory only, where I created a new user as a replica of admin. Please let me know what I am missing.

Thanks,
Shivm


(David Nichols) #8

Hi Shivm,

I just got this working not too long ago.

For context my setup is OpenEMR 5.0.1 hosted on Ubuntu 18.04 and I have a Windows Server 2016 Active Directory.

Here is what I did:

  • Step 1: Logged into my Active Directory Domain Controller and added a user:
    • Name (can be anything): OpenEMR admin
    • User logon name: admin
    • Password: [new admin password]
  • Step 2: Logged into the EMR with the EMR admin account and, under Administration/Globals, checked “Use Active Directory” with the same set-up you had.
    image
  • Step 3: I then hit save and it will prompt you to log back into the EMR. This time, log in with the password you set in the Active Directory in step 1.
    • User logon name: admin
    • Password: [new admin password]
  • Step 4: Now, to add users, they need to be in BOTH the Active Directory AND in the EMR as users. The Active Directory does not credential users' access within the EMR. So add the user you want in the EMR with the correct level of access.
    • Username: Doctor01
    • Password: [Random Password]
  • Step 5: Then I logged into my Active Directory Domain Controller and added the user to the Active Directory
    • Name: Doctor 01
    • User login name: Doctor01
    • Password: [Doctor’s Domain Login Password]
  • Step 6: Login to the EMR as user Doctor01 using the password you just made in the Active Directory
    • User login name: Doctor01
    • Password: [Doctor’s Domain Login Password]

One additional item: to make the EMR users easier to manage long term, you can also add groups to the Active Directory settings in OpenEMR and add users to those groups. That way you can add and remove access to the domain via that group management from the Active Directory side.

This can be done by making a group such as “Users” in the Active Directory on the Domain Controller, and then setting the “Active Directory – Domain Base” to CN=Users,DC=example,DC=com

Hope this makes sense. If you need further assistance, I can set up a dev EMR example and screenshot the steps involved.


(shivam) #9

Thank you so much David, this answers my question, and I tested it and it is working fine also.

One last thing: I have two domain controllers in Active Directory and I am trying to add them in OpenEMR.

I tried with a comma (,) between the two DC IPs and with a semicolon, but neither seems to work.

Do you know how we can have two domain controllers defined for connectivity between OpenEMR and AD?

Thank you,
Shivam


(David Nichols) #10

Sure thing! This community has helped me immensely over the past year in my own installation, set up, and troubleshooting; happy to help when I can.

As far as the dual DCs, I am having the same problem myself. I tried the comma (,) and just a space and neither worked.

The field is labeled “Active Directory - Domains Controllers” with the “s” so I am thinking there should be a way of making it work, but would need the developers to weigh in on that one.

Best,
Dave


(shivam) #11

Thank you David, will wait for the developers' input on this.

Regards,
Shivam