It is possible to login to iGene using Active Directory credentials (Windows username and password). This means that all passwords are handled by the in-house IT team and users do not need to remember another password which may expire.
In order for iGene to still function, users MUST be created within iGene. Access control to iGene is still performed within the application as well as permissions.
LDAP authenticates by passing on the credentials supplied by a user and attempting to bind to the active directory. If this is successful, then the user is authorised, if not an error code is passed back and displayed. Details of these error codes and the meanings are in the common LDAP issues section.
LDAP is configured within the iGene config file. The config file cannot be changed on the fly and iGene must be restarted at each change. Items within the config file, which will need changing, are detailed within the config file.
Creating LDAP users within iGene is the same process as creating another user with the application. The difference is that the password is handled external to iGene and some fields require careful entry.
The username for the user will need to match the Windows username exactly, but it will not need the suffix. For example, if a username is ‘john.smith@thehospital.com’ then the username would need to be ‘john.smith’, it is not needed to have the ending as that is specified in the iGene config file.
In order to specify a user is a LDAP user, the ‘Active Directory User’ box must be checked on the user creation screen (Administration > Users). This will also set the ‘Password Options’ to be ‘Not Needed’ as the password is handled by the active directory server.
If there are issues with LDAP authentication then the errors code will be passed back. Details of these error codes can be found on many websites. The one provided is the clearest example.
The most common issue will be error code 49. This is where a password has expired and needs to be changed by the user.