go to post Scott Roth · Feb 26, 2018 To verify against LDAP we needed a separate user other than the user trying to log into the system.Also to make it easier on all parties involved instead of using new Attributes in LDAP, I had a group created that I could match up against a role of the same name in Ensemble.So if I have an additional user I need to use to verify as the LDAP search user, how would I store the user name and password in this scenario?
go to post Scott Roth · Feb 26, 2018 ZAUTHENTICATE(ServiceName,Namespace,Username,Password,Credentials,Properties) PUBLIC { #include %occErrors #include %sySecurity #include %syLDAP s LDAPServer="xxxxx.xxxxxx.xxxx" s LD=##Class(%SYS.LDAP).Init(LDAPServer) i LD=0 { s Status=##Class(%SYS.LDAP).GetLastError() //g Error } s LDAPUser = "ensemble.Services" s LDAPPass = "xxxxxxxxxxxxxxxxxxxxxxxxxxx" s Status=##Class(%SYS.LDAP).Binds(LD,"",$lb(LDAPUser,"",LDAPPass),$$$LDAPAUTHNEGOTIATE) i Status'=$$$LDAPSUCCESS q $SYSTEM.Status.Error($$$InvalidUsernameOrPassword) s BaseDN="dc=OSUMC,dc=EDU" s Filter="sAMAccountname="_Username s Attributes=$lb("sAMAccountname","displayName","mail") s Status=##Class(%SYS.LDAP).SearchExts(LD,BaseDN,$$$LDAPSCOPESUBTREE,Filter,Attributes,0,"","",10,1,.SearchResult) i Status'=$$$LDAPSUCCESS { w !,"SearchExts error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status) g Done } s CurrentEntry=##Class(%SYS.LDAP).FirstEntry(LD,SearchResult) i CurrentEntry=0 { s Status=##Class(%SYS.LDAP).GetError(LD) w !,"FirstEntry error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status) g Done } s DN=##Class(%SYS.LDAP).GetDN(LD,CurrentEntry) s Attribute=##Class(%SYS.LDAP).FirstAttribute(LD,CurrentEntry,.Ptr) while (Attribute'="") { s Values=##Class(%SYS.LDAP).GetValuesLen(LD,CurrentEntry,Attribute) //w Values s Properties("Attributes",Attribute)=Values //w Attributes(Attribute) s Attribute=##Class(%SYS.LDAP).NextAttribute(LD,CurrentEntry,.Ptr) } s Properties("Username")=$li(Properties("Attributes","sAMAccountName")) k Properties("Attributes","sAMAccountName") s Properties("FullName")=$li(Properties("Attributes","displayName")) k Properties("Attributes","displayName") s GroupFilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:="_DN_"))" s GroupAttributes="" s Status=##Class(%SYS.LDAP).SearchExts(LD,BaseDN,$$$LDAPSCOPESUBTREE,GroupFilter,GroupAttributes,0,"","",10,0,.GroupSearchResult) i Status'=$$$LDAPSUCCESS { w !,"SearchExts error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status) g Done } s GroupNumEntries=##Class(%SYS.LDAP).CountEntries(LD,GroupSearchResult) i GroupNumEntries=-1 { s Status=##Class(%SYS.LDAP).GetError(LD) //w !,"CountEntries Group error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status) g Done } w ! i GroupNumEntries=0 { w !,"No nested groups for "_Username_" found" g Done } i GroupNumEntries>0 { //w !,"Found "_GroupNumEntries_" nested groups for user "_Username } #;Get the dn of the first entry returned. s GroupCurrentEntry=##Class(%SYS.LDAP).FirstEntry(LD,GroupSearchResult) i GroupCurrentEntry=0 { s Status=##Class(%SYS.LDAP).GetError(LD) w !,"FirstEntry error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status) g Done } s Groups="" While (GroupCurrentEntry'=0) { s GroupDN=##Class(%SYS.LDAP).GetDN(LD,GroupCurrentEntry) i GroupDN="" { s Status=##Class(%SYS.LDAP).GetError(LD) w !,"GetDN Group error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status) q } s CN=$p(GroupDN,",",1) s AD=$p(CN,"=",2) s AD=$zcvt(AD,"L") set exists=''$d(^|"%SYS"|SYS("Security","RolesD",AD)) if exists{ s Properties("Roles") = AD w Properties("Roles") } #;Save for later display //w !,AD s GroupCurrentEntry=##Class(%SYS.LDAP).NextEntry(LD,GroupCurrentEntry) } Done i $d(SearchResult) d ##Class(%SYS.LDAP).MsgFree(SearchResult) i $d(GroupSearchResult) d ##Class(%SYS.LDAP).MsgFree(GroupSearchResult) #;Close the connection and free the LDAP in memory structures. i $d(LD) d ##Class(%SYS.LDAP).UnBinds(LD) q $SYSTEM.Status.OK() Error s $zt="" w !,"Cache error: "_$ze g Done }
go to post Scott Roth · Feb 19, 2018 When I run... f i=2:1:$LL(list2) write !,i,"",$p($li(list2,i),",") w i I am getting the output of 2Access.Ensemble.Developer.User2How can I remove the 2 from the beginning and ending of the string, then compare it to the %SYS Roles?ThanksScott
go to post Scott Roth · Feb 19, 2018 I believe it is either a String for a Fixed Sequence. I cut and pasted that from a document given to me to show me the LDAP/AD Attributes. I believe the structure is {CN= ,OU=, DC=, DC= , CN=,OSU=,DC=,DC=.....} so every time we see a CN its a new group which is what I want to key off of.
go to post Scott Roth · Feb 19, 2018 You can use a Data Lookup table to specify the Subject based on the Error you are looking for.
go to post Scott Roth · Feb 19, 2018 So I am trying to take a list of....managedObjects : {CN=Access.Ensemble.Developer.User,OU=Access Groups,DC=OSUMC,DC=EDU, CN=[CPD Admin],OU=Distribution Lists,DC=OSUMC,DC=EDU, CN=[MUSE_Access],OU=Distribution Lists,DC=OSUMC,DC=EDU, CN=[IT eMaterials],OU=Distribution Lists,DC=OSUMC,DC=EDU...}How can I put this into a list and properly filter out the values I need. For Example Access.Ensemble.Developer.User is my end target that corresponds to a role of that same name.I am struggling with how to appropriately pull this information out so I can do the IF statements below.
go to post Scott Roth · Feb 16, 2018 I have run into a case where the Last Name or First Name contains a Hyphen but no spaces between the Hyphen and the split name. I have tried "S", but that seemed not to help.Anyone have suggestions on how to handle names with a hyphen besides doing an IF statement, and Piecing the Name apart to make it Proper Case?
go to post Scott Roth · Feb 15, 2018 You can try the following... https://community.spiceworks.com/topic/255740-powershell-script-to-show-all-groups-in-ad
go to post Scott Roth · Feb 15, 2018 Do you have access via Powershell? I was given some AD commands to pull using Powershell. I used this information to make sure the AD Group was being set correctly, and to figure out what to look for in my ZAUTHENTICATE that I am trying to build.
go to post Scott Roth · Feb 9, 2018 Thanks did not realize that Cache had a function built in for that.
go to post Scott Roth · Feb 7, 2018 The application is sending us the following back... Of course it does not match up to any structure but like you said they probably have omitted the backslash from the ACK causing the error. MSH|^~\&|GCRC|RDM|INTENG||20180207084732||SIU^S12|70577207|P|2.3| MSA|AA|Successful| I went ahead and made copies of 4 different EnsLib.HL7 classes, and modified the Parser to not throw the warning message. So for it is working like it should.
go to post Scott Roth · Feb 6, 2018 This was a custom interface written some time ago, and only maintained by hiring someone outside to update the contents of the software.We are getting the following warning message "Discarding received non-HL7 data(1) 'r'" . We have tried different framing values to no avail, and it still wants to log this warning. We were just looking for a way to shut this warning off for just this one Operation.
go to post Scott Roth · Feb 5, 2018 I have found that the text of "Discarding Received non HL7 data" lives in the EnsLib.HL7.Parser.cls. Has anyone tired to copy and make their own HL7.Parser that would not throw this warning message? It seems pretty simple but I am having issues trying to call my updated Parser.cls. All I want to do it comment this error out so it is not thrown and taking up database space. ThanksScott
go to post Scott Roth · Jan 24, 2018 When calling a SQL call, I normally return the value in a Snapshot. You can do this 1 of two ways...1. Set two variables....One for the Outbound HL7 Message, and one for the structure of your snapshot. Set your source equal to your snapshot variable and your target being the Outbound HL7 context variable. Use a Data transformation to take the information from the Snapshot and insert it into the HL7.2. Create a variable for your ID variable, and loop through the Snapshot to set that ID variable. Then create a dummy data transformation that you can use to set your HL7 field to your context.ID variable.I have plenty of examples of doing this in either way. There might be others that have a better solution, its just what I have used in the past.Scott RothThe Ohio State University Wexner Medical Center
go to post Scott Roth · Jan 12, 2018 No luck but thanks.I took the query from $$$LOGINFO(select) and executed it fine in SQL Server. It showed Ensemble should of returned 185 rows.For every database pull Ensemble stores either that whole message or a key value so it knows that record has already been read. I can't figure out how to get around that when I do a ExecuteQuery() call inside my Operation.
go to post Scott Roth · Nov 3, 2017 Simplifying the query to just the select statement worked, however is there a good way to convert date/time from GMT to EST?
go to post Scott Roth · Oct 20, 2017 thanks...the documentation isn't took clear on how to at %ListOfObjects to a snapshot.
