LDAP Interface
The LDAP Interface manages the interface between the RALS™ SYSTEM and remote LDAP servers in a hospital’s LDAP system. The LDAP Interface is not enabled by default in the RALS™ SYSTEM; it must be manually enabled.
LDAP Setup
If the LDAP feature is required in the RALS™ SYSTEM, setup must be completed in System Settings before the LDAP Interface can be configured and used.
Likewise, if enhanced security protocols (TLS/SSL) are being used in the hospital’s system, then your IT support will need to take additional steps to configure your system.
LDAP Status
There are three statuses associated with the LDAP Interface:
The Health status, which provides the status of LDAP based on the last sync, is located in the Statuses data table and can be accessed in the RALS™ SYSTEM navigation under the Dashboard menu.
The health for LDAP will be in one of the following states:
Health | Notes |
---|---|
Running | Last Update Time is less than 5 minutes in the past, and the last sync of an LDAP configuration was successful |
In Error | Last Update Time is less than 5 minutes in the past, but the criteria for Running do not apply, which includes instances such as a connection problem, a configuration that has a Sync Status of “Error,” or LDAP has never been enabled |
Not Running | Last Update Time is more than 5 minutes in the past |
The LDAP configuration’s Sync Status is located in the LDAP Configurations data table and in the configuration’s details, and it displays the status of the individual configuration (for more information about an LDAP configuration’s Sync Status, see Sync Status).
The LDAP session’s Status, which can be accessed in the LDAP Session’s data table in either the Sessions tab of the configuration’s details or the RALS™ SYSTEM navigation under the Logs menu, displays the status of the specified sync session (for more information about an LDAP session’s Status, see Status).
Syncing Operators via the LDAP Interface
When an LDAP configuration is synced, the LDAP Interface will independently process the following sync actions (as specified in the configuration) during an operator import:
- Add Operators
- Edit Operators
- Deactivate Operators
- Activate Operators
Note: For the Add Operators and Edit Operators sync options, only valid operators will be added/edited. A valid operator is an operator, obtained from the LDAP server based on the (synced) LDAP configuration’s mappings, that did not generate any validation error.
Each time an LDAP configuration is synced, either manually or automatically, that sync is recorded. This history of sync sessions can be viewed for all LDAP configurations (under the Logs menu) or for an individual LDAP configuration (from the configuration’s details page).
See LDAP Sessions for more information about sessions.
See Operators for more information about operators.
Automatic Sync
Automatic sync runs, in sync order, on all active LDAP configurations where the automatic sync setting is enabled. See LDAP Configuration - Fields for more information about sync order.
Manual Sync
Manual sync can be run on one or more active LDAP configurations at any time by a RALS™ SYSTEM user with LDAP Manage permissions.
Adding Operators via the LDAP Interface
When an LDAP configuration is synced, operators may be automatically added in the RALS™ SYSTEM. The logic for adding operators is as follows:
- LDAP Unique ID does not match any RALS operator's LDAP Unique ID, and Operator ID does NOT match any RALS Operator ID:
  - Configuration supports adding operators? If no, no RALS operator is added.
  - If yes: added operators are valid? If yes, the RALS operator is added during sync; if no, no RALS operator is added.
- LDAP Unique ID does not match any RALS operator's LDAP Unique ID, but Operator ID matches an existing RALS Operator ID and that RALS operator has a mismatched LDAP Unique ID: an error is logged due to the duplicate Operator ID attempt, and no RALS operator is added.
Editing Operators via the LDAP Interface
When an LDAP configuration is synced, operators may be automatically edited in the RALS™ SYSTEM. The logic for editing operators is as follows:
- LDAP Unique ID matches an existing RALS operator's LDAP Unique ID, or Operator ID matches an existing RALS operator's Operator ID but the RALS operator does not have an LDAP Unique ID:
  - Configuration supports editing operators? If no, no RALS operator is edited.
  - If yes: added operators are valid? If yes, the RALS operator is edited during sync; if no, no RALS operator is edited.
- LDAP Unique ID does not match any RALS operator's LDAP Unique ID: no RALS operator is edited.
Activating Operators via the LDAP Interface
When an LDAP configuration is synced, deactivated operators may be automatically activated in the RALS™ SYSTEM. The logic for activating operators is as follows:
The RALS operator is activated during sync only if the answer to every check below is yes; otherwise the RALS operator is NOT activated during sync:
- LDAP Unique ID matches an existing RALS operator's LDAP Unique ID, or Operator ID matches an existing RALS operator's Operator ID but the RALS operator does not have an LDAP Unique ID.
- Configuration supports activating operators?
- Is the RALS operator deactivated?
Deactivating Operators via the LDAP Interface
When an LDAP configuration is synced, active operators may be automatically deactivated in the RALS™ SYSTEM. The logic for deactivating operators is as follows:
Starting point: … LDAP Configuration = LDAP Configuration Being Synced.

The RALS operator is deactivated during sync only if the answer to every check below is yes; otherwise the RALS operator is NOT deactivated during sync:
- LDAP Unique ID does not match any LDAP operator's LDAP Unique ID, or the RALS operator does not have an LDAP Unique ID and Operator ID does not match any LDAP operator's Operator ID.
- Configuration supports deactivating operators?
- Is the RALS operator active?
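The add, edit, activate and deactivate rules from the four sections above can be combined into one reconciliation pass. The following is an added example, not RALS code: the `Op` fields, the `supports` set and the sample operators are assumptions made for illustration. It also assumes every RALS operator passed in belongs to the configuration being synced, and it records the duplicate Operator ID error regardless of which actions are enabled.

```python
# Added illustration of the four sync flows; names are assumptions, not RALS identifiers.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Op:
    operator_id: str
    ldap_uid: Optional[str] = None   # None: RALS operator not yet bound to LDAP
    active: bool = True
    valid: bool = True               # LDAP side: no validation error from mappings

def match(ldap_op, rals_ops):
    """Return (matched RALS operator or None, error string or None)."""
    for r in rals_ops:               # 1. an LDAP Unique ID match wins
        if r.ldap_uid is not None and r.ldap_uid == ldap_op.ldap_uid:
            return r, None
    for r in rals_ops:               # 2. fall back to Operator ID
        if r.operator_id == ldap_op.operator_id:
            if r.ldap_uid is None:
                return r, None       # unbound operator: matched by Operator ID
            return None, "duplicate Operator ID"  # bound to another LDAP identity
    return None, None

def plan_sync(ldap_ops, rals_ops, supports):
    """supports: enabled actions, subset of {'add','edit','activate','deactivate'}."""
    plan, matched = [], set()
    for entry in ldap_ops:
        r, err = match(entry, rals_ops)
        if err:
            plan.append(("error", entry.operator_id))   # logged, nothing added
        elif r is None:
            if "add" in supports and entry.valid:
                plan.append(("add", entry.operator_id))
        else:
            matched.add(id(r))
            if "edit" in supports and entry.valid:
                plan.append(("edit", r.operator_id))
            if "activate" in supports and not r.active:
                plan.append(("activate", r.operator_id))
    for r in rals_ops:               # RALS operators that no LDAP entry accounted for
        if id(r) not in matched and "deactivate" in supports and r.active:
            plan.append(("deactivate", r.operator_id))
    return plan

# Constructed sample data (not from a real system).
RALS = [Op("1001", "uid-a"), Op("1002", None, active=False),
        Op("1003", "uid-c"), Op("1004", "uid-d")]
LDAP = [Op("1001", "uid-a"), Op("1002", "uid-b"), Op("1003", "uid-x"),
        Op("1005", "uid-e"), Op("1006", "uid-f", valid=False)]

if __name__ == "__main__":
    for step in plan_sync(LDAP, RALS, {"add", "edit", "activate", "deactivate"}):
        print(step)
```

In the sample, operator 1003 produces both a duplicate Operator ID error and a deactivation, because its RALS record is bound to an LDAP Unique ID that no longer appears in the directory.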