
Configuration of LDAP Authentication in EASA

Once EASA 5.3 has been installed on an EASA Server, the LDAP custom authentication process can be configured through the LDAP server. The steps below detail the stages of enabling LDAP in EASA.

  • Stop the EASA Server service.
  • Open the Menu.properties file located at \EasaServerData\admin\config
  • Add the line easa.server.menu1 = com.easa.custom.auth.ldap.LDAPMenu
  • Save the document.
  • Start EASA Server.
  • Log in to EASA Server. Set EASA→Set Mode→Administrator.
  • Click EASA→Configure→LDAP tab.
  • Fill out the LDAP form with your credentials and click the Save button.
    UserName:CN=Administrator,OU=Users,DC=easa,DC=com
    Password=<Corporate Password>
    connectionURL=ldap://192.168.0.111
    connectionQueryPort=389
    userBase=CN=Users,DC=easa,DC=com
    userSearch=sAMAccountName (the value will be your EASA username)
  • Log out of EASA and close the browser
  • Stop EASA Server
  • Open the Authentication.properties file located at \EasaServerData\admin\config
  • Comment out (prepend a # symbol to) the line:
    AuthenticationClass = backend.DefaultAuthenticator
  • Uncomment (remove the initial # symbol from) the line:
    #AuthenticationClass = com.easa.custom.auth.ldap.LDAPAttributeAuthenticator
  • Save document.
  • Open auth.properties file located at \EasaServerData\admin\config
  • For the string admin.user = admin replace 'admin' with your username.
  • For the string create.user = false replace 'false' with 'true'.
  • Save the file.
  • Start the EASA Server service.
  • Log in to EASA with your LDAP credentials.

Note: When create.user is set to true, all users under the Base DN configured in the userBase parameter on the LDAP tab will be allowed access to EASA. See details below.


Configuration Options

The auth.properties file as mentioned above contains several key parameters to control the behaviour of the authentication:

  • admin.user: should be configured with an LDAP username (the local EASA administrator for example) to ensure that at least one user always has access to admin mode on the server.
  • create.user: determines whether or not an EASA user is automatically created the first time a user connects with LDAP. Behavior is as follows:

    • True: any user with a valid LDAP account will be able to login and will have a user account created in EASA. The users can be stopped from automatically seeing any EASAPs with another parameter, described below. This option is useful when dealing with a large number of users.

    • False: the users need to be created in EASA first, and can then login using their LDAP credentials. The username in EASA should match the LDAP username. This method is more secure as only the users that you specify will be able to access EASA. This method is useful when dealing with a relatively small number of users.
  • default.group: sets a default EASA user group for accounts which are automatically created when create.user is true. This can be left on ‘All Categories’ when limiting access to the tools isn't a concern. However, it can also be set to a user group that doesn’t have any categories specified, so users who stray onto the system won’t see anything by default.
  • auth.logging: a troubleshooting option. While it is in use, passwords are logged in plain text, so they need to be changed after it has been used.
  • authentication.mode: can be set to 'basic' to enable HTTP basic authentication, which can be advantageous to users if their browsers cache the login. If it is set to 'form', EASA retains its own login page.
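
One way to check these settings before restarting the server, as an added example that is not EASA's own code: the script below reads the text of auth.properties and Authentication.properties and lists the settings that deserve review. It assumes boolean options are written as true/false; the function names and the sample file contents are constructed for illustration.

```python
# Added example, not EASA code. Assumptions: boolean options are written as
# true/false, and the sample file contents below are constructed.

def parse_properties(text):
    """Return (key, value) pairs from 'key = value' lines, skipping # comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(auth_text, authentication_text):
    """Return the names of settings that deserve review."""
    auth = dict(parse_properties(auth_text))
    findings = []
    # auth.logging writes passwords in plain text: troubleshooting only.
    if auth.get("auth.logging", "false").lower() != "false":
        findings.append("auth.logging")
    # create.user=true with 'All Categories' shows every auto-created user everything.
    if (auth.get("create.user", "false").lower() == "true"
            and auth.get("default.group", "").lower() == "all categories"):
        findings.append("default.group")
    # admin.user should name an LDAP user rather than the original 'admin'.
    if auth.get("admin.user", "admin") == "admin":
        findings.append("admin.user")
    # Exactly one AuthenticationClass line should be active (uncommented).
    classes = [v for k, v in parse_properties(authentication_text)
               if k == "AuthenticationClass"]
    if len(classes) != 1:
        findings.append("AuthenticationClass")
    return findings

SAMPLE_AUTH = """\
admin.user = admin
create.user = true
default.group = All Categories
auth.logging = true
"""
SAMPLE_AUTHENTICATION = """\
AuthenticationClass = backend.DefaultAuthenticator
AuthenticationClass = com.easa.custom.auth.ldap.LDAPAttributeAuthenticator
"""

if __name__ == "__main__":
    print(audit(SAMPLE_AUTH, SAMPLE_AUTHENTICATION))
```

An empty result means none of the four conditions was found; it does not validate the LDAP tab values themselves.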

Rolling Back to Default Authentication

If you have issues, you’ll need to log in to EASA with the backend Authenticator. Stop the EASA server and reopen the Authentication.properties file. Uncomment the

   AuthenticationClass = backend.DefaultAuthenticator

line by removing the hashtag (#) character and comment out the

   AuthenticationClass = com.easa.custom.auth.ldap.LDAPAttributeAuthenticator

line by adding a hashtag (#) character as the first character.

You should then be able to log in to EASA with the default username and password.

