Page 116 |
DICOM PS3.2 2020a - Conformance |
B.4.3.2.4 LDAP
LDAP can be used to obtain information about network Application Entities. The identity of an LDAP server can be obtained using the Find LDAP Server Transaction of the DICOM Application Configuration Management Profile (i.e., a DNS SRV RR query for the LDAP service) and the first LDAP server returned will be used. The Service/Installation Tool can also be used to manually configure the identity of an LDAP server (a manually entered value takes precedence).
LDAP Basic Authentication can be configured via the Service/Installation Tool by specifying a bind DN and password. If LDAP Basic Authentication is not configured the LDAP client will bind anonymously.
The supported LDAP Security Profiles are:
• Basic
• Basic-Manual
• Anonymous
• Anonymous-Manual
The use of LDAP to publish and obtain device configuration information is described in Section B.4.4.
B.4.3.3 IPv4 and IPv6 Support
This product only supports IPv4 connections.
B.4.4 Configuration
B.4.4.1 AE Title/Presentation Address Mapping
B.4.4.1.1 Local AE Titles
All local applications use the AE Titles and TCP/IP Ports configured via the Service/Installation Tool. The Field Service Engineer can configure the TCP Port via the Service/Installation Tool. No Default AE Titles are provided. The AE Titles must be configured during installation. The local AE Title used by each individual application can be configured independently of the AE Title used by other local applications. If so configured, all local AEs are capable of using the same AE Title.
Table B.4.4-1. AE Title Configuration Table
| Application Entity | Default AE Title | Default TCP/IP Port |
|---|---|---|
| Storage | No Default | 104 |
| Workflow | No Default | Not Applicable |
| Hardcopy | No Default | Not Applicable |
B.4.4.1.1.1 Obtaining Local Configuration From LDAP Server
The Service/Installation Tool can be used to specify that an LDAP Server be the master of local configuration information. The Query LDAP Server transaction of the Network Configuration Profile is used to obtain configuration information. The LDAP Server will be queried for updated information at boot time but the query can also be manually invoked from the Service/Installation Tool. A search is performed for an LDAP entity within the DICOM configuration sub-tree having an identical device name (as entered in the Service/Installation Tool). The local configuration will be updated to match the central configuration (i.e., AE Titles, TCP Port Numbers, Peer AEs, Private Data, etc.). The central configuration information will be checked for consistency before the local configuration is updated.
The configuration parameters that can be updated by the central LDAP server and can affect the local configuration for the device are listed in the Table below:
- Standard -
Table B.4.4-2. Device Configuration Parameters Obtained From LDAP Server
| LDAP object class | LDAP attribute | Local Meaning |
|---|---|---|
| dicomDevice | dicomDescription | Displayed in the Service/Installation Tool |
| dicomDevice | dicomVendorData | Private device configuration parameters (e.g., examination protocol codes and parameters) |
| dicomDevice | dicomDeviceType | Displayed in the Service/Installation Tool |
The Application Entities described by the LDAP server are matched to the supported local application entities (Storage, Workflow or Hardcopy) by inspecting the private information within the dicomVendorData attribute for each dicomNetworkAE.
The configuration parameters that can be updated by the central LDAP server and affect the local configuration for each supported local AE are listed in the Table below:
Table B.4.4-3. AE Configuration Parameters Obtained From LDAP Server
| LDAP object class | LDAP attribute | Local Meaning |
|---|---|---|
| dicomNetworkAE | dicomAETitle | Local AE Title(s) |
| dicomNetworkAE | dicomDescription | Displayed in the Service/Installation Tool |
| dicomNetworkAE | dicomNetworkConnectionReference | Associated network connection parameters |
| dicomNetworkAE | dicomPeerAETitle | Default collection of Peer AE |
| dicomNetworkAE | dicomVendorData | Private AE configuration parameters (e.g., timeouts, max PDU lengths, maximum number of simultaneous associations). |
| dicomNetworkAE | dicomApplicationCluster | Displayed in the Service/Installation Tool |
The configuration parameters that can be updated by the central LDAP server and affect the local configuration for the network connection are listed in the Table below:
Table B.4.4-4. Network Connection Configuration Parameters Obtained From LDAP Server
| LDAP object class | LDAP attribute | Local Meaning |
|---|---|---|
| dicomNetworkConnection | dicomHostname | Hostname |
| dicomNetworkConnection | dicomPort | TCP Port |
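The consistency check that precedes a local update is not specified further in this example statement. The following is an added example (not part of the DICOM text) of such a check over the attributes in Tables B.4.4-2 to B.4.4-4; the dictionary layout, the function names and the choice of checks are assumptions, and identical AE Titles are not rejected because all local AEs may share one.

```python
import re

# AE value representation: 1-16 characters, no backslash or control
# characters, and not spaces only.
AE_TITLE = re.compile(r"[\x20-\x5b\x5d-\x7e]{1,16}")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def valid_ae_title(value):
    return bool(AE_TITLE.fullmatch(value)) and value.strip() != ""

def check_central_config(local_device_name, device):
    """Return a list of problems; update local settings only if it is empty."""
    problems = []
    if device.get("dicomDeviceName") != local_device_name:
        problems.append("dicomDeviceName differs from the local device name")
    connections = device.get("connections", {})
    for dn, conn in connections.items():
        host = conn.get("dicomHostname", "")
        if len(host) > 253 or not HOSTNAME.fullmatch(host):
            problems.append(f"{dn}: bad dicomHostname")
        port = conn.get("dicomPort", "")
        if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
            problems.append(f"{dn}: bad dicomPort")
    for ae in device.get("aes", []):
        title = ae.get("dicomAETitle", "")
        if not valid_ae_title(title):
            problems.append(f"bad dicomAETitle {title!r}")
        for peer in ae.get("dicomPeerAETitle", []):
            if not valid_ae_title(peer):
                problems.append(f"{title!r}: bad dicomPeerAETitle {peer!r}")
        for ref in ae.get("dicomNetworkConnectionReference", []):
            if ref not in connections:
                problems.append(f"{title!r}: dangling connection reference")
    return problems

# Constructed sample entries (hypothetical layout; values are strings, as read from LDAP).
CONN = "cn=dicom,dicomDeviceName=RF-ROOM-1"  # constructed, shortened DN
GOOD = {"dicomDeviceName": "RF-ROOM-1",
        "connections": {CONN: {"dicomHostname": "rf1.example.org", "dicomPort": "104"}},
        "aes": [{"dicomAETitle": "RF1_STORE", "dicomPeerAETitle": ["ARCHIVE1"],
                 "dicomNetworkConnectionReference": [CONN]}]}
BAD = {"dicomDeviceName": "RF-ROOM-2",
       "connections": {CONN: {"dicomHostname": "rf1;x", "dicomPort": "70000"}},
       "aes": [{"dicomAETitle": "TITLE_LONGER_THAN_16",
                "dicomNetworkConnectionReference": ["cn=missing"]}]}

if __name__ == "__main__":
    print(check_central_config("RF-ROOM-1", GOOD), check_central_config("RF-ROOM-1", BAD))
```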
B.4.4.1.1.2 Publishing Local Configuration to LDAP Server
The Service/Installation Tool can be used to publish local configuration information to the LDAP Server.
The LDAP client will bind to the server using LDAP Basic Authentication (or anonymously if LDAP Basic Authentication is not configured). The LDAP Client expects that the necessary DICOM Root objects exist in the LDAP DIT and performs searches to identify the following information:
a. The DN of the dicomConfigurationRoot identifying the root of all DICOM Configuration information.
b. The DN of the dicomDevicesRoot under which new devices can be inserted.
c. The DN of the dicomUniqueAETitlesRegistryRoot under which unique AE Titles can be registered.
d. The DN of any existing dicomDevice object that represents the device hosting the LDAP client (dicomDeviceName identical to locally configured device name).
Modifications can be made to existing LDAP entries for the device or new entries will be created if necessary. It is possible to manually assign AE Titles for each local Application Entity or to automatically generate random AE Titles. In both cases, the LDAP server is queried to determine that the AE Titles are currently unused.
Two different methods (Manual and Automatic) are supported to update the LDAP server and an appropriate method must be selected depending on the security policies enforced by the LDAP server.
Manual Update
• An LDIF file (RFC 2489) will be created containing all new or updated LDAP objects and attributes. The objects will be appropriately located in the server's LDAP tree. The LDIF file will be written to the local file system or to exchangeable media (e.g., floppy). The file can be transferred to the LDAP server and imported using server specific tools.
Automatic Update
• The LDAP client will attempt to register unique AE Titles. If the manually chosen AE Titles are already in use the update will be aborted and new AE Titles must be chosen. If AE Titles were randomly selected the LDAP client will use the random AE Title allocation technique described by the "Update LDAP Server" transaction of the DICOM Application Configuration Management Profile.
• The LDAP client will create new LDAP objects or update existing objects as necessary at appropriate locations in the server's LDAP tree.
• If the server refuses any object creation or update operation the Automatic Update will be aborted. In case of failure, the LDAP server may contain partial configuration information that must be corrected by the LDAP server administrator.
The same set of LDAP objects and attributes will be entered into the LDAP DIT for both the Manual and Automatic Update methods. Values for all configurable attributes can be entered using Service/Installation Tool. Table B.4.4-5 lists the attributes and default values created for the installed device.
Table B.4.4-5. Device Configuration Parameters Updated On LDAP Server
| LDAP object class | LDAP attribute | Configurable (Yes/No) | Default Value |
|---|---|---|---|
| dicomDevice | dicomDeviceName | Yes | |
| | dicomDescription | Yes | Radio-Fluoroscopic Image Acquisition Modality |
| | dicomManufacturer | No | EXAMPLE-IMAGING-PRODUCTS |
| | dicomManufacturerModelName | No | Example-Integrated-Modality |
| | dicomVersion | No | 1 |
| | dicomPrimaryDeviceType | No | RF |
| | dicomVendorData | Yes | |
Table B.4.4-6 lists the attributes and default values used to describe the network configuration:
Table B.4.4-6. Network Connection Configuration Parameters Updated On LDAP Server
| LDAP object class | LDAP attribute | Configurable (Yes/No) | Default Value |
|---|---|---|---|
| dicomNetworkConnection | dicomHostname | Yes | |
| | dicomPort | Yes | 104 |
The Table below lists the attributes and default values used to describe the Storage AE:
Table B.4.4-7. Storage AE Configuration Parameters Updated On LDAP Server
| LDAP object class | LDAP attribute | Configurable (Yes/No) | Default Value |
|---|---|---|---|
| dicomNetworkAE | dicomAETitle | Yes | |
| | dicomDescription | Yes | Storage Application |
| | dicomPeerAETitle | Yes | |
| | dicomVendorData | Yes | |
| | dicomApplicationCluster | Yes | |
| | dicomAssociationInitiator | No | TRUE |
| | dicomAssociationAcceptor | No | TRUE |
| dicomTransferCapability | dicomSOPClass | No | X-Ray Radiofluoroscopic Image Storage; Grayscale Softcopy Presentation State Storage; Storage Commitment Push Model |
| | dicomTransferRole | No | SCU |
| | dicomTransferSyntax | Yes | Explicit VR Little Endian; Implicit VR Little Endian |
The Table below lists the attributes and default values used to describe the Workflow AE:
Table B.4.4-8. Workflow AE Configuration Parameters Updated On LDAP Server
| LDAP object class | LDAP attribute | Configurable (Yes/No) | Default Value |
|---|---|---|---|
| dicomNetworkAE | dicomAETitle | Yes | |
| | dicomDescription | Yes | Workflow Application |
| | dicomPeerAETitle | Yes | |
| | dicomVendorData | Yes | |
| | dicomApplicationCluster | Yes | |
| | dicomAssociationInitiator | No | TRUE |
| | dicomAssociationAcceptor | No | FALSE |
| dicomTransferCapability | dicomSOPClass | No | Modality Worklist Information Model - FIND; Modality Performed Procedure Step |
| | dicomTransferRole | No | SCU |
| | dicomTransferSyntax | Yes | Explicit VR Little Endian; Implicit VR Little Endian |
The Table below lists the attributes and default values used to describe the Hardcopy AE:
Table B.4.4-9. Hardcopy AE Configuration Parameters Updated On LDAP Server
| LDAP object class | LDAP attribute | Configurable (Yes/No) | Default Value |
|---|---|---|---|
| dicomNetworkAE | dicomAETitle | Yes | |
| | dicomDescription | Yes | Hardcopy Application |
| | dicomNetworkConnectionReference | n/a | |
| | dicomPeerAETitle | Yes | |
| | dicomVendorData | Yes | |
| | dicomApplicationCluster | Yes | |
| | dicomAssociationInitiator | No | TRUE |
| | dicomAssociationAcceptor | No | FALSE |
| dicomTransferCapability | dicomSOPClass | No | Basic Grayscale Print Management Meta; Presentation LUT |
| | dicomTransferRole | No | SCU |
| | dicomTransferSyntax | Yes | Explicit VR Little Endian; Implicit VR Little Endian |
B.4.4.1.2 Remote AE Title/Presentation Address Mapping
The AE Title, host names and port numbers of remote applications are configured using the EXAMPLE-INTEGRATED-MODALITY Service/Installation Tool.
B.4.4.1.2.1 Storage
The EXAMPLE-INTEGRATED-MODALITY Service/Installation Tool must be used to set the AE Titles, port-numbers, host-names and capabilities for the remote Storage SCPs. Associations will only be accepted from known AE Titles and associations from unknown AE Titles will be rejected (an AE Title is known if it can be selected within the Service/Installation Tool). Multiple remote Storage SCPs can be defined. Any Storage SCP can be configured to be an "Archive" device causing storage commitment to be requested for images or presentation states transmitted to the device.
If an LDAP server is available, the Service/Installation Tool will search for suitable remote Storage SCPs and present these for selection. If the LDAP object for the Storage AE contains one or more dicomPeerAETitle attributes then only these Peer AEs will be available for selection. Otherwise, remote AEs will only be available for selection if they support compatible SOP Classes as an SCP. If a remote AE is attached to a device containing a dicomDeviceType attribute with value "ARCHIVE" it will be automatically configured as an "Archive" device provided the AE also supports Storage Commitment as an SCP.
These LDAP-assisted selection policies can be overridden and a search performed for a specific device or AE Title.
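The Storage selection rules above, written out as an added example (not part of the DICOM text). The data layout and function names are hypothetical, "compatible" is taken to mean that the remote AE supports as an SCP at least one SOP Class the local Storage AE uses as an SCU, and dicomDeviceType is treated as a list of values.

```python
STORAGE_COMMITMENT = "Storage Commitment Push Model"
RF_STORAGE = "X-Ray Radiofluoroscopic Image Storage"

def supports_as_scp(ae, sop_class):
    """True if the AE lists the SOP Class with dicomTransferRole SCP."""
    return ("SCP", sop_class) in ae["capabilities"]

def offer_storage_peers(local_ae, remote_aes):
    """Map each remote AE Title offered for selection to its Archive flag."""
    peers = set(local_ae.get("dicomPeerAETitle", []))
    wanted = {sop for role, sop in local_ae["capabilities"] if role == "SCU"}
    offered = {}
    for ae in remote_aes:
        if peers:
            # A peer list on the local Storage AE is the only source of candidates.
            if ae["dicomAETitle"] not in peers:
                continue
        elif not any(supports_as_scp(ae, sop) for sop in wanted):
            continue
        offered[ae["dicomAETitle"]] = (
            "ARCHIVE" in ae["dicomDeviceType"]
            and supports_as_scp(ae, STORAGE_COMMITMENT))
    return offered

def accept_association(calling_ae_title, selectable_titles):
    """Accept only AE Titles that can be selected in the tool."""
    return calling_ae_title in selectable_titles

# Constructed directory content; "capabilities" holds (role, SOP Class) pairs.
LOCAL = {"dicomAETitle": "RF1_STORE", "dicomPeerAETitle": [],
         "capabilities": {("SCU", RF_STORAGE), ("SCU", STORAGE_COMMITMENT)}}
REMOTES = [
    {"dicomAETitle": "PACS1", "dicomDeviceType": ["ARCHIVE"],
     "capabilities": {("SCP", RF_STORAGE), ("SCP", STORAGE_COMMITMENT)}},
    {"dicomAETitle": "CACHE1", "dicomDeviceType": ["ARCHIVE"],
     "capabilities": {("SCP", RF_STORAGE)}},
    {"dicomAETitle": "PRINTER1", "dicomDeviceType": ["PRINT"],
     "capabilities": {("SCP", "Basic Grayscale Print Management Meta")}},
]

if __name__ == "__main__":
    print(offer_storage_peers(LOCAL, REMOTES))
```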
B.4.4.1.2.2 Workflow
The EXAMPLE-INTEGRATED-MODALITY Service/Installation Tool must be used to set the AE Title, port-number, host-name and capabilities of the remote Modality Worklist SCP. Only a single remote Modality Worklist SCP can be defined.
If an LDAP server is available, the Service/Installation Tool will search for suitable remote Modality Worklist SCPs and present these for selection. Remote AEs will only be available for selection if they support the Modality Worklist SOP Class as an SCP. If a remote AE is attached to a device containing a dicomDeviceType attribute with value "DSS" (Department System Scheduler) it will be presented as the preferred selection.
The EXAMPLE-INTEGRATED-MODALITY Service/Installation Tool must be used to set the AE Title, port-number, host-name and capabilities of the remote MPPS SCP. Only a single remote MPPS SCP can be defined.
If an LDAP server is available, the Service/Installation Tool will search for suitable remote MPPS SCPs and present these for selection. Remote AEs will only be available for selection if they support the MPPS SOP Class as an SCP. If a remote AE is attached to a device containing a dicomDeviceType attribute with value "DSS" (Department System Scheduler) it will be presented as the preferred selection.
B.4.4.1.2.3 Hardcopy
The EXAMPLE-INTEGRATED-MODALITY Service/Installation Tool must be used to set the AEs' AE Titles, port-numbers, host-names, IP addresses and capabilities for the remote Print SCPs.
Multiple remote Print SCPs can be defined.
If an LDAP server is available, the Service/Installation Tool will search for suitable remote Print SCPs and present these for selection. Remote AEs will only be available for selection if they support the Basic Grayscale Print Management Meta SOP Class as an SCP. If a remote AE is attached to a device containing a dicomDeviceType attribute with value "PRINT" (Hard Copy Print Server) it will be presented as the preferred selection.